Bugtraq mailing list archives
OBSD ftpd exploit clarification
From: jimjones <jimjones () LOW-LEVEL NET>
Date: Tue, 19 Dec 2000 07:36:05 +0300
It is always sad when something like this has to be posted, but I am only doing this to give proper credit where it is due.

As we all know, the OBSD ftpd replydirname() came to light with the post by Kristian Vlaardingerbroek <kris () obit nl>. Did he discover it? No. Did he give credit for the code or the discovery? No. The fact of the matter is that this post came from a personal, real-life friend of scrippie's who gained his trust and exploited this trust in order to shamelessly steal and post this vulnerability in a pitiful attempt to gain fame. In fact, the originator of this post did not even know how to fully patch the bug without allowing a remote DOS condition to still exist.

The brunt of the work in the development of this exploit was done by scrippie and dvorak and they certainly deserve all due credit for their *-ORIGINAL-* exploitation of this vulnerability. The condition was discovered 11/06/2000 and the exploit was created a week afterwards.

Thanks, and let's hope that somebody learns from this post to consider friendship and trust before plagiarism and duplicity for public recognition.
Attachment: obsd-ftpd.c