[11694] in bugtraq
Re: [patch] ProFTPd remote root exploit
daemon@ATHENA.MIT.EDU (Dan Stromberg)
Sat Sep 4 09:53:40 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <37CD7908.BF26365F@nis.acs.uci.edu>
Date: Wed, 1 Sep 1999 12:05:44 -0700
Reply-To: strombrg@NIS.ACS.UCI.EDU
From: Dan Stromberg <strombrg@NIS.ACS.UCI.EDU>
X-To: Jordan Ritter <jpr5@DARKRIDGE.COM>, BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
Jordan Ritter wrote:
>
> On Mon, 30 Aug 1999, Nic Bellamy wrote:
>
> > tracked this problem to an sprintf() into a buffer on the stack
> > in the log_xfer() routine in src/log.c. Gotta love it. Sigh.
>
> What's interesting to note is that I notified the contact at ProFTPd of
> this exact overflow back during the last ftpd fiasco (there was more than
> one way to break proftpd). Assuming that you're making this assertion
> from the absolute latest source available, I'd say it's unfortunate that
> this wasn't dealt with many months ago.
>
> --jordan
Floody, the old maintainer, fell off the net.
MacGuyver has been picking up proftpd development.
If you tried to reach Floody, it's no wonder there was no response.
I do agree that the situation is regrettable. But there are extenuating
circumstances in this case.
That is, proftpd is maintained, you just caught it in transition from
one maintainer to another.
