Bugtraq mailing list archives
Re: CERT Advisory CA-99.13 - Multiple Vulnerabilities in WU-FTPD
From: cmr () IISC COM (Charles M. Richmond)
Date: Wed, 27 Oct 1999 02:45:59 -0400
On Thu, Oct 21, 1999 at 03:05:22PM -0500, Rami Dass wrote:Also, I beleive that this problem occurs only in certain OS's vulnerable to the getcwd() exploit, the ERRATA file, in the 2.6.0 source tree, lists them: "Systems needing getcwd():
...
OSF/1 (osf)
... Gregory A Lundberg <lundberg () VR NET> states:
It's a well-known fact that getwd() is not a good choice; it overruns buffers. getcwd() allows bounds checking and should be used instead. The systems listed above have no getcwd() function, or at least nobody has reported those systems now have one, so we're still assuming they do not (notice we're fixing _that_ class of assumptions by switching to autoconf).
Sun operating systems, in particular SunOS, provide the getcwd() function. Testing has shown the results from that function are not reliable.
Digital UNIX from 4.0b (uname -rsv - OSF1 V4.0 564) does have getcwd() as does Solaris 7 (2.7). Furthermore even if one does use getwd(), it has the following feature in both Solaris and in OSF/1 (DUNIX 4.0b): OSF/1 The maximum pathname length, in characters, is set by the PATH_MAX defini- tion, as specified in the limits.h file. If the length of the pathname of the current directory is greater than (PATH_MAX + 1), including the null byte, getwd() fails and returns a null pointer. Solaris If the length of the pathname of the current working direc- tory is greater than ({PATH_MAX} + 1) including the null byte, getwd() fails and returns a null pointer.
Current thread:
- Re: CERT Advisory CA-99.13 - Multiple Vulnerabilities in WU-FTPD Rami Dass (Oct 21)
- HP automountd security bulletin dsiebert () ENGINEERING UIOWA EDU (Oct 22)
- Re: HP automountd security bulletin Bennett Todd (Oct 25)
- Re: HP automountd security bulletin Valdis.Kletnieks () VT EDU (Oct 27)
- Re: HP automountd security bulletin Byron Miller (Oct 27)
- Re: HP automountd security bulletin Bennett Todd (Oct 25)
- Re: CERT Advisory CA-99.13 - Multiple Vulnerabilities in WU-FTPD Gregory A Lundberg (Oct 22)
- Re: CERT Advisory CA-99.13 - Multiple Vulnerabilities in WU-FTPD Charles M. Richmond (Oct 26)
- [slackware-security] CA-99-13: wu-ftpd upgrade available (fwd) Rafael Rodrigues Obelheiro (Oct 23)
- RFP9905: Zeus webserver remote root compromise .rain.forest.puppy. (Oct 25)
- HP automountd security bulletin dsiebert () ENGINEERING UIOWA EDU (Oct 22)