[Midnightbsd-cvs] [MidnightBSD/src] 037026: A ftpd(8) bug in the implementation of the file sy...
Lucas Holt
noreply at github.com
Tue Sep 15 23:19:56 EDT 2020
Branch: refs/heads/master
Home: https://github.com/MidnightBSD/src
Commit: 0370263d9ee8cd5243aa4f6027157f4ab2276205
https://github.com/MidnightBSD/src/commit/0370263d9ee8cd5243aa4f6027157f4ab2276205
Author: Lucas Holt <luke at foolishgames.com>
Date: 2020-09-15 (Tue, 15 Sep 2020)
Changed paths:
M libexec/ftpd/ftpd.c
Log Message:
-----------
A ftpd(8) bug in the implementation of the file system sandbox, combined
with capabilities available to an authenticated FTP user, can be used to
escape the file system restriction configured in ftpchroot(5).
Moreover, the bug allows a malicious client to gain root privileges.
More information about the Midnightbsd-cvs
mailing list