TUCoPS :: Unix :: General
:: unix4887.htm
30th Nov 2001 [SBWID-4887]
COMMAND
frox buffer overflow
SYSTEMS AFFECTED
frox 0.6.x
PROBLEM
On frox@hollo.org dev list :
There is an error in calculating the necessary size for a buffer into
which cache file header information is written when frox is caching ftp
retrievals. This buffer is written into with sprintf, and may overflow
if a hostile ftp server returns a long string in reply to an MDTM
request when retrieving a file with a long pathname. This could allow
arbitrary code to be executed as the user under which frox is running
(normally not root). There is not currently any known exploit code for
this vulnerability.
An installation is vulnerable if it is running frox versions 0.6.0
through 0.6.6, it has the local caching method selected in the config
file, and clients make an anonymous ftp connection to a hostile ftp
server and attempt to download a file with a long pathname.
The vulnerability only exists if local caching is enabled (ie.
\"CacheModule Local\" is set in the config file), and commenting this
out provides a temporary workaround.
SOLUTION
Update from :
http://frox.sourceforge.net/
http://www.hollo.org/frox