[12056] in bugtraq
Re: Fw: Remote bufferoverflow exploit for ftpd from AIX 4.3.2
daemon@ATHENA.MIT.EDU (Bill Pemberton)
Wed Sep 29 20:52:45 1999
Message-Id: <199909291949.PAA16708@cthulhu.itc.Virginia.EDU>
Date: Wed, 29 Sep 1999 15:49:12 -0400
Reply-To: Bill Pemberton <wfp5p@CTHULHU.ITC.VIRGINIA.EDU>
From: Bill Pemberton <wfp5p@CTHULHU.ITC.VIRGINIA.EDU>
X-To: BUGTRAQ@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <1DF26A56012@cpedu1.cpedu.rug.nl> from "W.H.J.Pinckaers" at Sep 29, 1999 01:00:32 PM
W.H.J.Pinckaers writes:
>
> sq01@Yorku.Ca <sq01@Yorku.Ca> Wrote
>
> >Hi,
> > >
> > >Short of disabling ftpd completely, is there a work-around that will not
> > >affect our users ?
> > >
>
>
> At this time: NO, but please make sure you are vulnerable first; we
> did discover that this bug is very specific to AIX 4.3.2. (Most other
> AIX versions aren't vulnerable to this particular bug.)
>
Actually, IBM does have an efix for this at:
ftp://aix.software.ibm.com/aix/efixes/security/ftpd.tar.Z
--
Bill Pemberton wfp5p@virginia.edu
ITC/Unix Systems flash@virginia.edu
University of Virginia