[nas] nas: Multiple Vulnerabilities in nas 1.9.3
Hamid Zamani
me at hamidx9.ir
Sat Aug 10 23:39:13 MDT 2013
Hi,
On 08/10/2013 10:08 PM, Erik Auerswald wrote:
> I do not know how to determine if a given string is a valid or invalid TCP
> device on Minix.
>
on Minix i checked the /dev/tcp :
# ls -la /dev/tcp*
crw-rw-rw- ... /dev/tcp
crw-rw-rw- ... /dev/tcp0
So checking validation can be done as checking the string to be a `valid
Character special file`.
i think just using a stat struct does the trick. ;)
===
if (status.st_mode & S_IFCHR)
do so ...
===
of course a symlink may be used to attack (a little stricture ;-) )but i
think it is better choice than leaving it.
Thanks.
--
Regards,
Hamid Zamani (aka HAMIDx9)
Ashiyane Digital Security Team
More information about the nas
mailing list