Bugtraq mailing list archives

OBSD ftpd exploit clarification


From: jimjones <jimjones () LOW-LEVEL NET>
Date: Tue, 19 Dec 2000 07:36:05 +0300

It is always sad when something like this has to be posted, but I am only
doing this to give proper credit where it is due.
As we all know, the OBSD ftpd replydirname() came to light with the post
by Kristian Vlaardingerbroek <kris () obit nl>.
Did he discover it? No. Did he give credit for the code or the
discovery? No.
The fact of the matter is that this post came from a personal, real-life
friend of scrippie's who gained his trust and exploited this trust in
order to shamelessly steal and post this vulnerability in a pitiful
attempt to gain fame.
In fact, the originator of this post did not even know how to fully patch
the bug without allowing a remote DOS condition to still exist.
The brunt of the work in the development of this exploit was done by
scrippie and dvorak and they certainly deserve all due credit for their
*-ORIGINAL-* exploitation of this vulnerability.
The condition was discovered 11/06/2000 and the exploit was created a week
afterwards.

Thanks, and let's hope that somebody learns from this post to consider
friendship and trust before plagiarism and duplicity for public
recognition.

Attachment: obsd-ftpd.c