FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

tnftpd -- remotely exploitable vulnerability

Affected packages
tnftpd < 20040810
0 <= lukemftpd
Affected systems
4.7 <= FreeBSD

Details

VuXML ID c4b025bb-f05d-11d8-9837-000c41e2cdad
Discovery 2004-08-17
Entry 2004-08-17
Modified 2004-08-28

lukemftpd(8) is an enhanced BSD FTP server produced within the NetBSD project. The sources for lukemftpd are shipped with some versions of FreeBSD, however it is not built or installed by default. The build system option WANT_LUKEMFTPD must be set to build and install lukemftpd. [NOTE: An exception is FreeBSD 4.7-RELEASE, wherein lukemftpd was installed, but not enabled, by default.]

Przemyslaw Frasunek discovered several vulnerabilities in lukemftpd arising from races in the out-of-band signal handling code used to implement the ABOR command. As a result of these races, the internal state of the FTP server may be manipulated in unexpected ways.

A remote attacker may be able to cause FTP commands to be executed with the privileges of the running lukemftpd process. This may be a low-privilege `ftp' user if the `-r' command line option is specified, or it may be superuser privileges if `-r' is *not* specified.

References

Bugtraq ID 10967
CVE Name CVE-2004-0794
Message 412239E7.1070807@freebsd.lublin.pl
URL ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-009.txt.asc
URL http://cvsweb.netbsd.org/bsdweb.cgi/src/libexec/ftpd/ftpd.c#rev1.158