Bugtraq mailing list archives

Re: WuFTPD: Providing remote root since at least1994

From: luci () WILD TRANSART RO (Hudin Lucian)
Date: Thu, 29 Jun 2000 23:30:25 +0300


Actually many people blame sprintf usage as a potential source
for buffer overflow exploits, yet :

char buff[BUFSIZ];
sprintf(buff, "%.*s", BUFSIZ, "string");

avoids the overflow ... IMHO it's very easy to avoid buffer overflows when
writing critical programs just by keeping in mind the 5th of "the ten C
commandments", just in case you forgot it :

 5. Thou shalt check the array bounds of all strings (indeed, all
arrays), for surely where thou typest "foo" someone someday shall type
"supercalifragilisticexpialidocious".

Regards, LucySoft

Current thread:

Re: WuFTPD: Providing *remote* root since at least1994, (continued)
- - Re: WuFTPD: Providing *remote* root since at least1994 Mikael Olsson (Jun 26)
    - Re: WuFTPD: Providing *remote* root since at least1994 Theo de Raadt (Jun 27)
  - Re: WuFTPD: Providing *remote* root since at least1994 Carson Gaspar (Jun 27)
    - Re: WuFTPD: Providing *remote* root since at least1994 Casper Dik (Jun 29)
    - Re: WuFTPD: Providing *remote* root since at least1994 Eric Hines (Jun 29)
- Re: WuFTPD: Providing *remote* root since at least1994 der Mouse (Jun 26)
  - Re: WuFTPD: Providing *remote* root since at least1994 Henrik Nordstrom (Jun 27)
    - Re: WuFTPD: Providing *remote* root since at least1994 Theo de Raadt (Jun 28)
    - Re: WuFTPD: Providing *remote* root since at least1994 Valentin Nechayev (Jun 29)
    - Re: WuFTPD: Providing *remote* root since at least1994 Kenn Humborg (Jun 29)
    - Re: WuFTPD: Providing *remote* root since at least1994 Hudin Lucian (Jun 29)
    - Multiple vulnerabilities in Sybergen Secure Desktop anders.ingeborn () INFOSEC SE (Jun 30)
    - SecureXpert Advisory [SX-20000620-2] SecureXpert DIRECT Sender (Jun 30)
  - Re: WuFTPD: Providing *remote* root since at least1994 Bernd Luevelsmeyer (Jun 28)
- Re: WuFTPD: Providing *remote* root since at least1994 Lars Mathiesen (Jun 28)
- Re: WuFTPD: Providing *remote* root since at least1994 Robert Bihlmeyer (Jun 29)
- Re: WuFTPD: Providing *remote* root since at least1994 Ben Pfaff (Jun 29)
  - Update to Integrity Protection Driver Available IPD (Jun 29)
  - Re: WuFTPD: Providing *remote* root since at least1994 Theo de Raadt (Jun 29)
  - Buggy ARP handling in Windoze Paul Starzetz (Jun 29)
    - Re: Buggy ARP handling in Windoze Jurjen Oskam (Jun 29)

(Thread continues...)

Bugtraq mailing list archives

Re: WuFTPD: Providing *remote* root since at least1994

Current thread:

Re: WuFTPD: Providing remote root since at least1994