[Midnightbsd-cvs] [MidnightBSD/src] 798bf4: A ftpd(8) bug in the implementation of the file sy...
Lucas Holt
noreply at github.com
Tue Sep 15 23:22:14 EDT 2020
Branch: refs/heads/stable/1.2
Home: https://github.com/MidnightBSD/src
Commit: 798bf410de764aef7987988cd684bae5c820dc92
https://github.com/MidnightBSD/src/commit/798bf410de764aef7987988cd684bae5c820dc92
Author: Lucas Holt <luke at foolishgames.com>
Date: 2020-09-15 (Tue, 15 Sep 2020)
Changed paths:
M libexec/ftpd/ftpd.c
Log Message:
-----------
A ftpd(8) bug in the implementation of the file system sandbox, combined
with capabilities available to an authenticated FTP user, can be used to
escape the file system restriction configured in ftpchroot(5).
Moreover, the bug allows a malicious client to gain root privileges.
More information about the Midnightbsd-cvs
mailing list