Bugtraq mailing list archives
Re: ftpd: the advisory version
From: djb () CR YP TO (D. J. Bernstein)
Date: Mon, 10 Jul 2000 20:11:00 -0000
1. Surely there are other people still wondering about proftpd. Can an attacker take over proftpd 1.2.0pre10? CERT seems to say yes, but the maintainer says ``relatively minor.'' What's the deal? 2. I agree that setproctitle() is rather pointless. My comments were about all functions with printf()-type format strings. Typical strings should fail as format strings. 3. I've added a section to http://cr.yp.to/ftp/security.html on use of PASV in existing clients. If you have any updates, let me know. Please include version numbers. 4. I have been unable to verify the rumor of PASV-ignorant servers. Can anyone show me some IP addresses of such servers? Every PASV failure that I've tracked down turned out to be a firewall misconfiguration. 5. Several people asked about preventing memory leaks. The trick is a new type of variable that either equals 0 or points to a dynamically allocated region of memory. The deallocation routine frees the region if the variable is nonzero, then sets the variable to 0. The allocation routine first calls the deallocation routine. For most programs, these variables are all in the data segment (static). You can put them into the heap segment (dynamically allocated), in which case the allocation routine that makes space for the variables is required to set them to 0, and the deallocation routine is required to recursively deallocate the variables. This safely handles any dynamic allocation tree, with no need for garbage collection. ---Dan
Current thread:
- Re: ftpd: the advisory version, (continued)
- Re: ftpd: the advisory version Tom Perrine (Jul 02)
- Conclusion to recent working WuFTPD Exploits Eric Hines (Jul 05)
- Re: ftpd: the advisory version Carson Gaspar (Jun 30)
- Re: ftpd: the advisory version Mike Gleason (Jul 02)
- [RHSA-2000:016-03] Multiple local imwheel vulnerabilities bugzilla () REDHAT COM (Jul 03)
- Re: ftpd: the advisory version monti (Jul 05)
- Re: ftpd: the advisory version D. J. Bernstein (Jul 06)
- Re: ftpd: the advisory version monti (Jul 07)
- Re: ftpd: the advisory version Mikael Olsson (Jul 07)
- Re: ftpd: the advisory version David Maxwell (Jul 07)
- Re: ftpd: the advisory version D. J. Bernstein (Jul 10)
- Re: ftpd: the advisory version Richard Rager (Jul 11)
- Infosec.20000712.worldclient.2.1 Rikard Carlsson (Jul 12)
- ANNOUNCE Apache::ASP v1.95 - Security Hole Fixed J C (Jul 10)
- Novell Border Manger - Anyone can pose as an authenticated user Coward, Anonymous (Jul 07)