Users login

Create an account »


Users login

Home » Hacking News » Buffer overflow in FTPFS (linux kernel module)

Buffer overflow in FTPFS (linux kernel module)

by phiber on March 14th, 2001 FTPFS ( is a Linux kernel module, enhancing VFS with FTP volume mounting capabilities.

However, it has insufficient bounds checking. If a user can enter mount options through a wrapper, he can take over the whole system, even with restricted capabilities.

Here's a simple exploit :

mount -t ftpfs none /mnt -o ip=,user=xxxxxxxxxxxxxxxxxxxxxxxxxxxx...

The previous command produces an immediate reboot (tested with kernel 2.4.2 and FTPFS 0.1.1) .

The author is aware of that vulnerability.

Contributed by Frank Denis on a BT mailing list

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »