Bugtraq mailing list archives
Re: SECURITY: new wu-ftpd packages available (fwd)
From: storner () N-M COM (Henrik Storner)
Date: Fri, 12 Feb 1999 10:25:42 +0100
Ronald Wahl wrote:
> On Tue, 9 Feb 1999, RHS Linux User wrote:
> > A security vulnerability has been identified in all versions of the wu-ftpd server binary shipped with Red Hat Linux.
>
> Is it possible that the bug is not fixed yet? mkdir <verylongname> lets the daemon do funny things. Can someone reproduce this?
I looked into the patch that Red Hat included with the new wu-ftpd package. It does implement some checking of the parameters given to the ftp daemon's realpath() routine; however, at the very top of this routine there is an unguarded "strcpy(currpath, pathname)" - the currpath buffer is declared locally of size MAXPATHLEN (4K on Linux, it seems). It looks as if it is still vulnerable.
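The length check the message above reports as missing before the copy into currpath, as an added example that is not wu-ftpd's code, Red Hat's patch, or part of the original post. `DEMO_MAXPATHLEN` (4096, assumed from the post's "4K"), `path_copy_checked`, `demo_realpath_entry` and `demo_try_length` are hypothetical names.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DEMO_MAXPATHLEN 4096 /* assumed; the post says "4K on Linux, it seems" */

/* Copy src into dst only if it fits, NUL included; otherwise fail closed. */
static int path_copy_checked(char *dst, size_t dstlen, const char *src)
{
    /* memchr stops at the first NUL and never reads past dstlen bytes */
    const char *end = memchr(src, '\0', dstlen);
    if (end == NULL) { errno = ENAMETOOLONG; return -1; } /* no NUL in range */
    memcpy(dst, src, (size_t)(end - src) + 1);
    return 0;
}

/* Hypothetical stand-in for the entry of a realpath()-style routine: same
 * local buffer as in the post, guarded copy. result needs DEMO_MAXPATHLEN bytes. */
int demo_realpath_entry(const char *pathname, char *result)
{
    char currpath[DEMO_MAXPATHLEN];
    if (path_copy_checked(currpath, sizeof currpath, pathname) != 0)
        return -1;            /* rejected before anything is written to currpath */
    memcpy(result, currpath, strlen(currpath) + 1);
    return 0;
}

/* Constructed input: a name of len 'A' bytes. Returns 0 or the errno set. */
int demo_try_length(size_t len)
{
    char out[DEMO_MAXPATHLEN];
    char *name = malloc(len + 1);
    int err = 0;
    if (name == NULL) return ENOMEM;
    memset(name, 'A', len);
    name[len] = '\0';
    if (demo_realpath_entry(name, out) != 0) err = errno;
    free(name);
    return err;
}

int main(void)
{
    printf("4095 -> %d\n", demo_try_length(4095)); /* longest name that fits */
    printf("4096 -> %d\n", demo_try_length(4096)); /* one byte too long */
    return 0;
}
```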