Bugtraq mailing list archives

[patch] ProFTPd remote root exploit


From: sky () WIBBLE NET.INVALID (Nic Bellamy)
Date: Mon, 30 Aug 1999 12:44:35 +1200


Hi,
        tracked this problem to an sprintf() into a buffer on the stack in
the log_xfer() routine in src/log.c. Gotta love it. Sigh.

Attached patch against 1.2.0pre3a should fix it (it does the trick here),
although it does still leave ugly stuff in your xferlog. The patch should
also apply to earlier versions without too much trouble.

Regards,
        Nic.

-- Nic Bellamy <sky () wibble net>
   J. Random Coder.


--- proftpd-1.2.0pre3a/src/log.c.orig   Mon Aug 30 12:28:53 1999
+++ proftpd-1.2.0pre3a/src/log.c        Mon Aug 30 12:29:05 1999
@@ -111,7 +111,7 @@
   if(xferfd == -1)
     return 0;
 
-  sprintf(buf,"%s %d %s %lu %s %c _ %c %c %s ftp 0 *\n",
+  snprintf(buf,sizeof(buf),"%s %d %s %lu %s %c _ %c %c %s ftp 0 *\n",
           fmt_time(time(NULL)),xfertime,remhost,fsize,
           fname,xfertype,direction,access,user);
 
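
Review bot: The return value of snprintf() on the added line is discarded, so when fname, remhost or user is long enough to fill buf, the record is cut off silently and the trailing "\n" from the format string is lost, leaving a malformed xferlog entry that runs into the next one. Suggest capturing the result, e.g. `len = snprintf(buf, sizeof(buf), ...)`, and treating a negative value or `(size_t)len >= sizeof(buf)` as truncation. In that case either force the last byte before the terminator to '\n', or bound the variable-length fields with a precision such as `%.*s` so the fixed fields and the newline always fit. Also note that sizeof(buf) is only the right bound while buf remains an array declared in log_xfer(); a short comment to that effect would keep a later change to a pointer from quietly shrinking the limit.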

