Bugtraq mailing list archives
Re: wuftpd 2.6.1 -- example of bad coding
From: Iván Arce <core.lists.bugtraq () CORE-SDI COM>
Date: Mon, 8 Jan 2001 20:35:19 -0300
Hello,

I fail to understand why these vulnerabilities are NOT exploitable, could you elaborate a bit on that?

-ivan

----- Original Message -----
From: "Przemyslaw Frasunek" <venglin () FREEBSD LUBLIN PL>
Newsgroups: core.lists.bugtraq
To: <BUGTRAQ () SECURITYFOCUS COM>
Sent: Monday, January 08, 2001 4:12 PM
Subject: wuftpd 2.6.1 -- example of bad coding

Hello,

There are two non-exploitable format string bugs in wuftpd 2.6.1.

ftpd.c:6272

    if (debug) {
        char *s = calloc(128 + strlen(remoteident), sizeof(char));
        if (s) {
            int i = ntohs(pasv_addr.sin_port);
            sprintf(s, "PASV port %i assigned to %s", i, remoteident);
            /* here */ syslog(LOG_DEBUG, s);
            free(s);
        }
    }

ftpd.c:6288

    if (debug) {
        char *s = calloc(128 + strlen(remoteident), sizeof(char));
        if (s) {
            sprintf(s, "PASV port assignment assigned for %s", remoteident);
            /* here */ syslog(LOG_DEBUG, s);
            free(s);
        }
    }

Example:

    riget:venglin:~> tail -n1 /etc/hosts
    212.182.115.2 riget%p%p%p%p%p%p%p%p%p%p.scene.pl riget
    riget:venglin:~> tail -n2 /var/log/debug
    Jan 8 14:28:03 riget ftpd[53990]: command: pasv^M
    Jan 8 14:28:03 riget ftpd[53990]: PASV port 17355 assigned to
    riget0xbfbff1640x80536440x807c2000x8066c210x43cb0x80791000xe0x5c0x960x280850
    00.scene.pl [212.182.115.2]

---
"Understanding. A cerebral secretion that enables one having it to know a house from a horse by the roof on the house, Its nature and laws have been exhaustively expounded by Locke, who rode a house, and Kant, who lived in a horse."
- Ambrose Bierce

==================[ CORE Seguridad de la Informacion S.A. ]=========
Iván Arce
Presidente
PGP Fingerprint: C7A8 ED85 8D7B 9ADC 6836 B25D 207B E78E 2AD1 F65A
email : iarce () core-sdi com
http://www.core-sdi.com
Florida 141 2do cuerpo Piso 7
C1005AAG Buenos Aires, Argentina.
Tel/Fax : +(54-11) 4331-5402
=====================================================================

--- For a personal reply use iarce () core-sdi com
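
Added example, not part of the messages above and not wu-ftpd code: the pattern from the quoted ftpd.c lines next to the constant-format form that removes the bug. capture_log() is a hypothetical stand-in for syslog(3) with the same (format, ...) contract, and the hostname is constructed; it uses "%%", which consumes no argument, so the mis-parse is visible without reading undefined varargs.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for syslog(3) (assumption for this example): same
 * (format, ...) contract, but the rendered line is kept in a buffer
 * so the result can be inspected. */
static char last_line[256];

static void capture_log(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(last_line, sizeof last_line, fmt, ap);
    va_end(ap);
}

/* Pattern from the quoted code: the message is assembled first and
 * then handed to the logger as its format string. */
const char *log_pasv_as_format(int port, const char *remoteident)
{
    char s[256];
    snprintf(s, sizeof s, "PASV port %i assigned to %s", port, remoteident);
    capture_log(s);   /* remoteident is parsed for conversion specifiers */
    return last_line;
}

/* Hardened form: the format is a constant and the untrusted
 * identity string is only ever passed as an argument. */
const char *log_pasv_as_data(int port, const char *remoteident)
{
    capture_log("PASV port %i assigned to %s", port, remoteident);
    return last_line;
}

int main(void)
{
    /* Constructed hostname, as it might come back from a resolver. */
    const char *ident = "riget%%.scene.pl";
    printf("as format: %s\n", log_pasv_as_format(17355, ident));
    printf("as data:   %s\n", log_pasv_as_data(17355, ident));
    return 0;
}
```

With the real syslog(3) the same repair is syslog(LOG_DEBUG, "%s", s), or passing the port and remoteident directly to a literal format.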