[11596] in bugtraq

Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock

daemon@ATHENA.MIT.EDU (Chris Butler)
Mon Aug 30 07:21:44 1999

Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id:  <19990828131726.A259@office.db-bbs.com>
Date:         Sat, 28 Aug 1999 13:17:26 +0100
Reply-To: Chris Butler <chrisb@SANDY.FORCE9.CO.UK>
From: Chris Butler <chrisb@SANDY.FORCE9.CO.UK>
X-To:         bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <19990825211143.A4399@nevkos.gkvk.hr>; from Josip Rodin on Wed,
              Aug 25, 1999 at 09:11:43PM +0200

On Wed, Aug 25, 1999 at 09:11:43PM +0200, Josip Rodin wrote:
> On Sun, Jul 04, 1999 at 01:38:48PM +0200, Michal Zalewski wrote:
> > ----------------------------
> > wu-ftpd 2.5, VR and BeroFTPD
> > ----------------------------
> >
> > Compromise: remote root
> >
> > Solution: add strlen() check somewhere
> >
>
> The Debian package of wu-ftpd (2.5.0-3) has just been updated with this
> patch:

[snip patch]

Note that the next release (2.5.0-4) will contain the patch from
ftp://ftp.wu-ftpd.org/pub/wu-ftpd/quickfixes/apply_to_2.5.0/ \
mapped.path.overrun.patch (split for readability). This fixes another
similar buffer overrun as well.

--
  Chris Butler                       e-mail: <chrisb@sandy.force9.co.uk>
--------------------------------------------------------------------------
PGP key 9D973385/1024 fingerprint: 047E 3689 387A 8C4B 709C 74A2 7AB3 4869
