Bugtraq mailing list archives

Re: ftpd and setproctitle()

From: kris () FREEBSD ORG (Kris Kennaway)
Date: Thu, 6 Jul 2000 13:38:25 -0700


-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 6 Jul 2000, Theo de Raadt wrote:

Well, while everyone is talking about setproctitle affecting wuftpd,
I should probably note that it even affects the OpenBSD ftpd.  In fact,
looking around, it looks like it might affect everyone's ftpd.


Fortunately, FreeBSD fixed this back in 1996, so all versions since 2.2.0
are unaffected. We are however auditing the system ftpd and other
utilities for instances of this vulnerability.

Kris

- --
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe () alum mit edu>

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
Comment: Made with pgp4pine 1.74
Charset: noconv

iQCVAwUBOWTuRlUuHi5z0oilAQF//QQAofUlBewsftbGepAJYSWuu5r8p5DhJIJ6
to9GTFy9WzZauXu+rOx7dnSaymGfh0P2s+VlSpEITxzlDH2OYGHI69WWsYW9mcyl
JtaoIEmoMNcsnaLUJ2MZVQP38LSXtWMmdGkriR4dBaKz4ghZShUzwhXurk9EpkIH
rTuqT5MA2ok=
=9Pgm
-----END PGP SIGNATURE-----

Current thread:

ftpd and setproctitle() Theo de Raadt (Jul 06)
- Re: ftpd and setproctitle() Kris Kennaway (Jul 06)
- More Detailed Info on the BitchX Format Bugs RoboHak (Jul 07)
  - Re: More Detailed Info on the BitchX Format Bugs Ryan Russell (Jul 07)
    - Re: More Detailed Info on the BitchX Format Bugs RoboHak (Jul 09)
    - opieftpd setproctitle() patches Kris Kennaway (Jul 10)
    - Remote DoS Attack in WircSrv Irc Server v5.07s Vulnerability Ussr Labs (Jul 10)
  - Security Update: Denial of Service against irc-BX Technical Support (Jul 07)
  - Out of order SMTP DATA commands incorrectly allow pass-through mode in some firewall smtp filters/proxies Lincoln Yeoh (Jul 08)
- Re: ftpd and setproctitle() D. J. Bernstein (Jul 07)
  - Re: ftpd and setproctitle() Bernd Luevelsmeyer (Jul 07)
    - Re: ftpd and setproctitle() Firstname Lastname (Jul 10)

(Thread continues...)