[11627] in bugtraq


Re: [patch] ProFTPd remote root exploit

daemon@ATHENA.MIT.EDU (Jordan Ritter)
Wed Sep 1 06:05:14 1999

Mime-Version: 1.0
Content-Type: TEXT/PLAIN; CHARSET=US-ASCII
Content-Id: <Pine.LNX.3.96.990830123829.3481D@wibble.net>
Message-Id:  <Pine.LNX.4.05.9908301354350.5823-100000@demerol>
Date:         Mon, 30 Aug 1999 13:57:29 -0400
Reply-To: Jordan Ritter <jpr5@DARKRIDGE.COM>
From: Jordan Ritter <jpr5@DARKRIDGE.COM>
X-To:         Nic Bellamy <sky@wibble.net>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <Pine.LNX.3.96.990830123256.3481A-200000@wibble.net>

On Mon, 30 Aug 1999, Nic Bellamy wrote:

> 	tracked this problem to an sprintf() into a buffer on the stack
> in the log_xfer() routine in src/log.c. Gotta love it. Sigh.

What's interesting to note is that I notified the contact at ProFTPd of
this exact overflow back during the last ftpd fiasco (there was more than
one way to break proftpd).  Assuming that you're making this assertion
from the absolute latest source available, I'd say it's unfortunate that
this wasn't dealt with many months ago.


--jordan
