J-Security Center

Title: NetBSD ftpchroot Parsing Vulnerability

Severity: LOW

Description:

In NetBSD 1.4.2, an ftpd vulnerability prevents /etc/ftpchroot from being used properly to chroot() specific users. chroot() is a system call that changes the root directory of a process; it is used to prevent a process from accessing anything outside a certain subdirectory tree of the filesystem. /etc/ftpchroot is a file that lists the users whom the FTP daemon is to chroot() into their home directories, meaning they can access only the directory tree below their home directory. Unfortunately, what was meant to be a fix in other code caused a parsing error, with the result that /etc/ftpchroot was not interpreted properly and the listed users' access was not restricted.
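The following is an added example, not NetBSD's ftpd code: a fail-closed lookup against an ftpchroot-style list, so that a line the parser cannot interpret restricts the user instead of silently leaving them unrestricted. The file format (one login name per line, `#` comments) and the name `must_chroot` are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

enum { FTP_UNRESTRICTED = 0, FTP_CHROOT = 1 };

/* Hypothetical helper: decide whether `user` must be chroot()ed, given the
 * text of an ftpchroot-style list (assumed format: one login name per line,
 * '#' starts a comment, blank lines ignored).
 * Fail closed: a missing list, an over-long line, or a line with more than
 * one token yields FTP_CHROOT for every user. */
int must_chroot(const char *list, const char *user)
{
    char line[256];

    if (list == NULL || user == NULL || *user == '\0')
        return FTP_CHROOT;              /* list unreadable: restrict */

    while (*list != '\0') {
        size_t len = strcspn(list, "\n");
        if (len >= sizeof(line))
            return FTP_CHROOT;          /* over-long line: restrict */
        memcpy(line, list, len);
        line[len] = '\0';
        list += len;
        if (*list == '\n')
            list++;

        line[strcspn(line, "#")] = '\0';            /* strip comment */
        char *name = line + strspn(line, " \t\r");  /* skip leading blanks */
        size_t n = strcspn(name, " \t\r");          /* length of first token */
        if (n == 0)
            continue;                               /* blank or comment-only */
        if (name[n + strspn(name + n, " \t\r")] != '\0')
            return FTP_CHROOT;          /* unexpected second token: restrict */
        name[n] = '\0';
        if (strcmp(name, user) == 0)
            return FTP_CHROOT;          /* exact match only, no prefixes */
    }
    return FTP_UNRESTRICTED;
}

int main(void)
{
    /* Constructed sample list, not taken from a real system. */
    const char *sample = "# jailed users\nalice\n  bob  # contractor\n";
    printf("bob=%d carol=%d\n", must_chroot(sample, "bob"),
           must_chroot(sample, "carol"));
    return 0;
}
```

A daemon using such a check should also refuse the login if the subsequent chroot() call itself fails.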

Affected Products:

  • NetBSD NetBSD 1.4.2 Alpha
  • NetBSD NetBSD 1.4.2 SPARC
  • NetBSD NetBSD 1.4.2 arm32
  • NetBSD NetBSD 1.4.2 x86
