[10416] in bugtraq
Re: Buffer overflow in ftpd and locate bug
daemon@ATHENA.MIT.EDU ([tgo])
Mon May 3 18:39:25 1999
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.LNX.4.05.9904302222200.475-100000@main.garage.org.br>
Date: Fri, 30 Apr 1999 22:25:14 -0300
Reply-To: "[tgo]" <tgo@NEARZ.ORG>
From: "[tgo]" <tgo@NEARZ.ORG>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.LNX.3.96.990430105441.23881A-100000@gw.al.lg.ua>
On 23 February I sent to bugtraq a comment about this problem
(ignored by aleph1 ? hehe :)
http://www.nearz.org/new/lynx/text/1999/FEB-Pathnames
On Fri, 30 Apr 1999, Sergey V. Kolychev wrote:
> Hi.
>
> I had a problem with locate from findutils-4.1.24.rpm from Redhat-5.1.
> It segfaults if we have a huge directory at incoming ftp which was created
> by exploits for the ftpd realpath hole. My ftpd is patched. Those exploits,
> I think, should not scare me, but if updatedb puts that directory into the
> locate database then locate segfaults. (getline.c line 104, per gdb)
> I guess it can be used for running arbitrary commands if root runs locate.
>
> I had a look at the latest Redhat-6.0 findutils-4.1.31.rpm but it is still
> based on findutils-4.1, as is findutils-4.1.24, and doesn't have any
> patches from redhat concerning this subject, and I am sure it is still vulnerable.
>
>
> ----------------------Alchevsk Linux User Group-----------------------
> I don't call, I don't cry , I don't sorry.
> All will be gone like white apple trees' smoke... (S.Esenin)
> http://www.ic.al.lg.ua/~ksv | e-mail: ksv@gw.al.lg.ua
> PGP key & Geekcode: finger ksv@gw.al.lg.ua
>
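Added example, not from either post: a defender-side check that walks an incoming FTP area for the kind of oversized or absurdly deep directory trees the post describes, so an administrator can find them before updatedb indexes them and locate chokes on the entries (excluding them via updatedb's PRUNEPATHS is assumed to be the follow-up). The thresholds and the sample tree are constructed for the demonstration.

```python
import os
import tempfile

# Thresholds are assumptions for this example, not values from the post.
MAX_PATH_LEN = 1024   # bytes of absolute path before we consider it pathological
MAX_DEPTH = 64        # directory components below the scanned root


def find_pathological_paths(root, max_len=MAX_PATH_LEN, max_depth=MAX_DEPTH):
    """Return (path, length, depth) for each directory under `root` whose
    absolute path exceeds max_len bytes or max_depth components.
    Symlinks are not followed, so a link loop cannot make the walk endless,
    and once a tree is reported we stop descending into it."""
    root = os.path.abspath(root)
    base_depth = root.count(os.sep)
    hits = []
    for dirpath, dirnames, _files in os.walk(root, followlinks=False):
        depth = dirpath.count(os.sep) - base_depth
        if len(dirpath) > max_len or depth > max_depth:
            hits.append((dirpath, len(dirpath), depth))
            dirnames[:] = []  # one report per offending tree
    return hits


def prunepaths_value(hits):
    """Build a space-separated list of the offending directories, the form
    (assumed here) that updatedb's PRUNEPATHS variable expects."""
    return " ".join(path for path, _length, _depth in hits)


def build_sample_incoming(levels=70):
    """Constructed sample: an 'incoming' directory holding a 70-level deep
    chain of single-letter subdirectories, mimicking what the post says
    was left behind in the ftp incoming area."""
    base = tempfile.mkdtemp(prefix="locate-check-")
    incoming = os.path.join(base, "incoming")
    os.makedirs(os.path.join(incoming, *(["a"] * levels)))
    return incoming


if __name__ == "__main__":
    sample = build_sample_incoming()
    for path, length, depth in find_pathological_paths(sample):
        print(f"{path}: {length} bytes, depth {depth}")
    print("PRUNEPATHS=" + repr(prunepaths_value(find_pathological_paths(sample))))
```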