[nas] nas: Multiple Vulnerabilities in nas 1.9.3
Erik Auerswald
auerswal at unix-ag.uni-kl.de
Mon Aug 12 05:20:36 MDT 2013

Hi,

On Sun, Aug 11, 2013 at 10:09:13AM +0430, Hamid Zamani wrote:
> On 08/10/2013 10:08 PM, Erik Auerswald wrote:
> > I do not know how to determine if a given string is a valid or invalid TCP
> > device on Minix.
> >
>
> On Minix I checked the /dev/tcp:
>
> # ls -la /dev/tcp*
> crw-rw-rw- ... /dev/tcp
> crw-rw-rw- ... /dev/tcp0
>
> So checking validation can be done as checking the string to be a `valid
> Character special file`.
>
> I think just using a stat struct does the trick. ;)
>
> ===
> if (S_ISCHR(status.st_mode))  /* compares the whole file-type field */
>     do so ...
> ===
>
> Of course a symlink may be used to attack (a little stricture ;-) ) but I
> think it is a better choice than leaving it.

I have searched for Minix docs and it seems to me that the TCP device name
should always start with /dev/tcp. Using a numbered TCP device chooses the
respective network interface, no number chooses the default network
interface.

I would suggest to check if the string in the environment variable starts
with /dev/tcp. WDYT?

Should we check that the device name does not contain any /../ parts
as well? Possibly reject anything but digits after the initial /dev/tcp?

Links:
http://www.minix3.org/manpages/html4/ip.html
http://www.minix-vmd.org/pub/minix/2.0.0/manuals/CAT8/S_N_D.8
http://www.minix3.org/manpages/html8/inet.html

Thanks,
Erik
--
Anyone can do any amount of work provided it isn't the work he is supposed
to be doing at the moment.
-- Robert Benchley
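
The checks discussed in this thread (prefix /dev/tcp, only digits after it, character special file, symlink concern), combined as an added example; this is not code from nas or from either poster. The function names are hypothetical, and the caller is assumed to pass in the string taken from the environment variable.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for lstat() under strict -std modes */
#endif
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

#define TCP_DEV_PREFIX "/dev/tcp"

/* Syntactic check: "/dev/tcp" followed by zero or more digits and nothing
 * else. Because '/' and '.' are not digits, this also rejects any "/../". */
int tcp_dev_name_ok(const char *name)
{
    size_t plen = strlen(TCP_DEV_PREFIX);
    const char *p;

    if (name == NULL || strncmp(name, TCP_DEV_PREFIX, plen) != 0)
        return 0;
    for (p = name + plen; *p != '\0'; p++)
        if (!isdigit((unsigned char)*p))
            return 0;
    return 1;
}

/* File-type check: lstat() does not follow a symlink in the last path
 * component, so a link is rejected rather than resolved. S_ISCHR()
 * compares the complete file-type field instead of testing a single bit. */
int is_char_device(const char *path)
{
    struct stat st;

    if (lstat(path, &st) != 0)
        return 0;
    return S_ISCHR(st.st_mode) ? 1 : 0;
}

/* Name check first, so stat is never called on an attacker-chosen path. */
int tcp_dev_valid(const char *name)
{
    return tcp_dev_name_ok(name) && is_char_device(name);
}

int main(void)
{
    /* Constructed sample inputs, not taken from the thread. */
    const char *samples[] = { "/dev/tcp", "/dev/tcp0", "/dev/tcp/../../tmp/x", "/dev/tcpx" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-24s name_ok=%d\n", samples[i], tcp_dev_name_ok(samples[i]));
    return 0;
}
```

The name check and the later open() are still separate steps, so the device node could change between them; an fstat() on the opened descriptor closes that gap.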