Bugtraq mailing list archives
Re: wuftp2.4.2academ beta 12-18 exploit
From: tmogg () ZIGZAG PL (Mariusz Marcinkiewicz)
Date: Wed, 5 May 1999 08:12:55 +0000
On Mon, 3 May 1999, Gregory Newby wrote:
wu-ftpd and variants that use files /etc/ftp* for configuration can easily help protect you against the many recent variants that exploit buffer overflows with MKDIR. All the varieties I've seen require creating a directory or file - that's where the overflow happens.
khmm, and what about local users? they can get root still, and more: I don't need +w access on ftp, if I create dirs in $home and telnet 0 21 I can get root by simple RMD

ok, that's better protection than patches (all I've seen didn't work) but you have bug still, not remote but bug always... if you wanna be secure you have to install new ftpd

greetz
-- tmogg () hert org