Bugtraq mailing list archives
Re: wu-ftpd exploit fix
From: jpr5 () DARKRIDGE COM (Jordan Ritter)
Date: Fri, 7 May 1999 14:44:10 -0400
On Thu, 6 May 1999, Adam Maloney wrote:

> We evaluated the source to the exploit, and made some changes to realpath.c (found in the /src directory of the wu-ftpd tarball)

hate to tell you this, but these things have already been fixed, and by several in parallel. latest vr series ftpd, with redhat's changes merged in:

ftp://ftp.vr.net/pub/wu-ftpd/wu-ftpd-2.4.2-vr17.tar.gz

> Interestingly enough, from the code that we saw, there was already code in the source to handle buffer overflows, but it wasn't implemented for all of the functions.

not to mention path-filter

Jordan Ritter
Network Security Engineer
Netect/Bindview Corp Boston, MA
"Quis custodiet ipsos custodes?"