Bugtraq mailing list archives
Re: [patch] ProFTPd remote root exploit
From: strombrg () NIS ACS UCI EDU (Dan Stromberg)
Date: Wed, 1 Sep 1999 12:05:44 -0700
Jordan Ritter wrote:
On Mon, 30 Aug 1999, Nic Bellamy wrote:tracked this problem to an sprintf() into a buffer on the stack in the log_xfer() routine in src/log.c. Gotta love it. Sigh.What's interesting to note is that I notified the contact at ProFTPd of this exact overflow back during the last ftpd fiasco (there was more than one way to break proftpd). Assuming that you're making this assertion from the absolute latest source available, I'd say it's unfortunate that this wasn't dealt with many months ago. --jordan
Floody, the old maintainer, fell off the net. MacGuyver has been picking up proftpd development. If you tried to reach Floody, it's no wonder there was no response. I do agree that the situation is regrettable. But there are extenuating circumstances in this case. That is, proftpd is maintained, you just caught it in transition from one maintainer to another.
Current thread:
- Re: [patch] ProFTPd remote root exploit Jordan Ritter (Aug 30)
- Re: [patch] ProFTPd remote root exploit Dan Stromberg (Sep 01)
- [ Kernel panic with FreeBSD-3.2-19990830-STABLE ] Sebastien Petit (Sep 02)