发布时间 :2000-05-28 00:00:00
修订时间 :2008-09-10 15:04:43

[原文]ftpd in NetBSD 1.4.2 does not properly parse entries in /etc/ftpchroot and does not chroot the specified users, which allows those users to access other files outside of their home directory.

[CNNVD]NetBSD ftpchroot分析漏洞(CNNVD-200005-098)

        NetBSD 1.4.2版本中ftpd无法正确解析/etc/ftpchroot条目,chroot指定用户。用户利用此漏洞可以访问主目录之外的其他文件。

- CVSS (基础分值)

CVSS分值: 2.1 [轻微(LOW)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)


- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(UNKNOWN)  BID  1273

- 漏洞信息

NetBSD ftpchroot分析漏洞
低危 设计错误
2000-05-28 00:00:00 2005-05-02 00:00:00
        NetBSD 1.4.2版本中ftpd无法正确解析/etc/ftpchroot条目,chroot指定用户。用户利用此漏洞可以访问主目录之外的其他文件。

- 公告与补丁

        From the advisory:
        This problem affects only NetBSD-1.4.2 and versions of NetBSD-current
        between 19990930 and 19991212; it does not affect NetBSD-1.4.1 or
        earlier, or versions of NetBSD-current after 19991212 or before 19990930.
        If you do not need to use /etc/ftpchroot, you do not need to take any
        If you're running NetBSD-current fetched between the above dates,
        update to a newer version of NetBSD-current.
        If you're runing NetBSD-1.4.2, fetch the following patch, apply it to
        src/libexec/ftpd/ftpd.c using the patch(1) command, rebuild and
        reinstall ftpd, and kill off any existing FTP daemons (to ensure that
        any improperly granted access is revoked).
        Since the patch is small, it is reproduced inline here:
        *** ftpd.c 1999/10/01 12:08:06
        - --- ftpd.c 2000/05/11 10:14:37
        *** 489,496 ****
         if (glob == NULL || glob[0] == '#')
         perm = strtok(NULL, " \t\n");
        - - if (perm == NULL)
        - - continue;
         if (fnmatch(glob, name, 0) == 0) {
         if (perm != NULL &&
         ((strcasecmp(perm, "allow") == 0) ||
        - --- 489,494 ----

- 漏洞信息

NetBSD ftpchroot Broken Parsing Arbitrary File Access
Remote / Network Access Misconfiguration
Loss of Confidentiality
Exploit Public

- 漏洞描述

NetBSD contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when ftpd fails to parse "/etc/ftpchroot" and the chroot function is not called, which allows malicious users to access files outside their home directories. This flaw may lead to a loss of confidentiality.

- 时间线

2000-05-28 Unknow
2000-05-28 Unknow

- 解决方案

Currently, there are no known workarounds or upgrades to correct this issue. However, NetBSD has released a patch to address this vulnerability.

- 相关参考

- 漏洞作者