Bugtraq mailing list archives

Re: SECURITY: new wu-ftpd packages available (fwd)

From: cadence () APOLLO ACI COM PL (Tomasz Grabowski)
Date: Wed, 17 Feb 1999 13:01:07 +0100


On Fri, 12 Feb 1999, Henrik Storner wrote:

I looked into the patch that Red Hat included with the new wu-ftpd
package.
It does implement some checking of the parameters given to the ftp
daemon's realpath() routine; however, at the very top of this routine
there
is an unguarded "strcpy(currpath, pathname)" - the currpath buffer is
declared
locally of size MAXPATHLEN (4K on Linux, it seems).

It looks as if it is still vulnerable.



I think that You are wrong.
Look at the ftpd.c code.
The *pathname can only have up to 250 chars while curpath[1024] ;)


---
Tomasz Grabowski  (0-91)4333950
Akademickie Centrum Informatyki
mailto:cadence () man szczecin pl

Current thread:

Re: SECURITY: new wu-ftpd packages available (fwd) Henrik Storner (Feb 12)
- Re: SECURITY: new wu-ftpd packages available (fwd) Tomasz Grabowski (Feb 17)