Bugtraq mailing list archives
Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x
From: chrisb () SANDY FORCE9 CO UK (Chris Butler)
Date: Sat, 28 Aug 1999 13:17:26 +0100
On Wed, Aug 25, 1999 at 09:11:43PM +0200, Josip Rodin wrote:
On Sun, Jul 04, 1999 at 01:38:48PM +0200, Michal Zalewski wrote:---------------------------- wu-ftpd 2.5, VR and BeroFTPD ---------------------------- Compromise: remote root Solution: add strlen() check somewhereThe Debian package of wu-ftpd (2.5.0-3) has just been updated with this patch:
[snip patch] Note that the next release (2.5.0-4) will contain the patch from ftp://ftp.wu-ftpd.org/pub/wu-ftpd/quickfixes/apply_to_2.5.0/ \ mapped.path.overrun.patch (split for readability). This fixes another similar buffer overrun as well. -- Chris Butler e-mail: <chrisb () sandy force9 co uk> -------------------------------------------------------------------------- PGP key 9D973385/1024 fingerprint: 047E 3689 387A 8C4B 709C 74A2 7AB3 4869
Current thread:
- Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x Andreas Jaeger (Aug 24)
- <Possible follow-ups>
- Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x Olaf Kirch (Aug 25)
- Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x Benjamin Smee (Aug 29)
- Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x Michael K. Johnson (Aug 25)
- Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x Michal Zalewski (Jul 04)
- [patch] ProFTPd remote root exploit Nic Bellamy (Aug 29)
- Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x Michael K. Johnson (Aug 25)
- Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x Michal Zalewski (Jul 04)
- Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x Josip Rodin (Aug 25)
- Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x Chris Butler (Aug 28)