[nas] nas: Multiple Vulnerabilities in nas 1.9.3

Hamid Zamani me at hamidx9.ir
Sat Aug 10 23:39:13 MDT 2013


Hi,

On 08/10/2013 10:08 PM, Erik Auerswald wrote:
> I do not know how to determine if a given string is a valid or invalid TCP
> device on Minix.
> 

On Minix I checked /dev/tcp:

# ls -la /dev/tcp*
crw-rw-rw- ... /dev/tcp
crw-rw-rw- ... /dev/tcp0

So validation can be done by checking that the string is a `valid
character special file`.

I think just using a stat struct does the trick. ;)

===
     /* S_ISCHR() compares the whole file-type field; "& S_IFCHR" also matches block devices */
     if (S_ISCHR(status.st_mode))
         do so ...
===

Of course a symlink may be used to attack (a little stricture ;-) ), but I
think it is a better choice than leaving it.

Thanks.

-- 
Regards,
Hamid Zamani (aka HAMIDx9)
Ashiyane Digital Security Team
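
The character-device check discussed in this message, hardened against the symlink case it mentions, as an added example that is not part of the original message or of the nas source. The helper name open_char_device is hypothetical, and the code assumes a POSIX.1-2008 system that provides O_NOFOLLOW, which the thread does not confirm for Minix.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for O_NOFOLLOW */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not from nas): open `path` only if it is a character
 * special file and its final component is not a symlink.
 * Returns an open descriptor, or -1 with errno set when rejected. */
int open_char_device(const char *path)
{
    struct stat st;
    int fd;

    /* O_NOFOLLOW: fail with ELOOP if the last component is a symlink.
     * O_NONBLOCK: do not hang if the path names a FIFO or a slow device.
     * O_NOCTTY:   never acquire a controlling terminal by accident. */
    fd = open(path, O_RDWR | O_NOFOLLOW | O_NONBLOCK | O_NOCTTY);
    if (fd < 0)
        return -1;

    /* fstat() describes the object actually opened, so the path cannot be
     * swapped between the check and the use. S_ISCHR() compares the whole
     * file-type field instead of testing a single bit. */
    if (fstat(fd, &st) != 0 || !S_ISCHR(st.st_mode)) {
        close(fd);
        errno = ENODEV;
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    /* "/dev/null" is only a default so the program runs without arguments. */
    const char *path = argc > 1 ? argv[1] : "/dev/null";
    int fd = open_char_device(path);

    printf("%s: %s\n", path, fd >= 0 ? "accepted" : "rejected");
    if (fd >= 0)
        close(fd);
    return fd >= 0 ? 0 : 1;
}
```

O_NOFOLLOW only covers the final path component; a symlink in a parent directory is still followed.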


