tags 382029 + unreproducible moreinfo
stop

Hello Roland

On 2006-08-08 Roland Turner wrote:
> {{ note that the Severity: _may_ be overstated, I simply don't know; but
> if gnome-gv can be made to open outbound FTP connections by the contents
> of a postscript file, then this is potentially a very serious hole, on a
> par with local root exploits }}
>
> When viewing a local copy of
> http://www.scs.cs.nyu.edu/~dm/papers/mazieres:sundr-podc.ps.gz (Firefox
> had downloaded it to /tmp/mazieres:sundr-podc.ps.gz and invoked gnome-gv
> as "/usr/bin/gnome-gv /tmp/mazieres:sundr-podc.ps.gz") two odd things
> happened:
>
> - gnome-gv never appeared. (I assumed that I had choked in the .gz, so I
>   uncompressed the file, converted to PDF for good measure and opened and
>   viewed it with xpdf.)
>
> - An hour later I noticed unexpected network traffic. Upon digging a little
>   deeper I noticed continual failed anonymous FTP login attempts to
>   208.113.133.22.
>
>
> Strace showed:
>
> Process 32332 attached - interrupt to quit
> select(51, [50], NULL, NULL, NULL) = 1 (in [50])
> read(50, "220 ProFTPD 1.3.0rc2 Server (Dre"..., 4096) = 62

gnome-gv couldn't display the file here, too, but I did not notice any FTP
connections. Which process exactly was it that you attached the strace to?
Firefox or a still running gnome-gv process?

The IP 208.113.133.22 is registered to munchies.dreamhost.com from
"New Dream Network, LLC" in California. Does this ring any bell to you?

bye,
-christian-