Bugtraq mailing list archives
Re: SECURITY: new wu-ftpd packages available (fwd)
From: cadence () APOLLO ACI COM PL (Tomasz Grabowski)
Date: Wed, 17 Feb 1999 13:01:07 +0100
On Fri, 12 Feb 1999, Henrik Storner wrote:
I looked into the patch that Red Hat included with the new wu-ftpd package. It does implement some checking of the parameters given to the ftp daemon's realpath() routine; however, at the very top of this routine there is an unguarded "strcpy(currpath, pathname)" - the currpath buffer is declared locally of size MAXPATHLEN (4K on Linux, it seems). It looks as if it is still vulnerable.
I think that you are wrong. Look at the ftpd.c code. The *pathname can only have up to 250 chars while curpath[1024] ;)
---
Tomasz Grabowski (0-91)4333950
Akademickie Centrum Informatyki
mailto:cadence () man szczecin pl
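The exchange above turns on whether a length limit applied by the caller makes an unchecked strcpy() inside the routine safe. As an added example (not code from this thread or from wu-ftpd), the copy below checks the destination size itself, so it does not depend on which figure is correct; `copy_path_checked` and `CURRPATH_SIZE` are hypothetical names, and 1024 is the size quoted in the reply.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Assumption: 1024 is the buffer size quoted in the reply above. */
#define CURRPATH_SIZE 1024

/*
 * Hypothetical helper: copy pathname into dst only when it fits,
 * terminator included. Returns 0 on success, or -1 with errno set.
 */
int copy_path_checked(char *dst, size_t dstsize, const char *pathname)
{
    size_t len;

    if (dst == NULL || pathname == NULL || dstsize == 0) {
        errno = EINVAL;
        return -1;
    }
    /* Look for the terminator within dstsize bytes, never past it. */
    for (len = 0; len < dstsize && pathname[len] != '\0'; len++)
        ;
    if (len == dstsize) {          /* no room for the string plus its NUL */
        dst[0] = '\0';
        errno = ENAMETOOLONG;
        return -1;
    }
    memcpy(dst, pathname, len + 1);
    return 0;
}

int main(void)
{
    char currpath[CURRPATH_SIZE];
    char input[4096];                       /* constructed sample input */
    size_t sizes[] = { 250, 1023, 1024, 4095 };

    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++) {
        memset(input, 'a', sizes[i]);
        input[sizes[i]] = '\0';
        int rc = copy_path_checked(currpath, sizeof currpath, input);
        printf("%4zu bytes: %s\n", sizes[i], rc == 0 ? "copied" : strerror(errno));
    }
    return 0;
}
```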
Current thread:
- Re: SECURITY: new wu-ftpd packages available (fwd) Henrik Storner (Feb 12)
- Re: SECURITY: new wu-ftpd packages available (fwd) Tomasz Grabowski (Feb 17)