[12062] in bugtraq
Re: Fw: Remote bufferoverflow exploit for ftpd from AIX 4.3.2
daemon@ATHENA.MIT.EDU (Keith Stevenson)
Wed Sep 29 22:08:28 1999
Mail-Followup-To: bugtraq@securityfocus.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <19990929163047.A56774@osaka.louisville.edu>
Date: Wed, 29 Sep 1999 16:30:47 -0400
Reply-To: Keith Stevenson <k.stevenson@LOUISVILLE.EDU>
From: Keith Stevenson <k.stevenson@LOUISVILLE.EDU>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <1DF26A56012@cpedu1.cpedu.rug.nl>

On Wed, Sep 29, 1999 at 01:00:32PM +0100, W.H.J.Pinckaers wrote:
>
>
> At this time: NO, but please make sure you are vulnerable first, we
> did discover that this bug is very specific for AIX 4.3.2. (Most other
> AIX versions aren't vulnerable to this particular bug)

The version of ftpd contained in bos.net.tcp.client v. 4.3.2.7 seems to
be vulnerable. A quick check of IBM's software site shows that
v. 4.3.2.10 seems to be the latest version of that fileset. I have no idea
whether or not it is vulnerable though.

Regards,
--Keith Stevenson--
--
Keith Stevenson
System Programmer - Data Center Services - University of Louisville
k.stevenson@louisville.edu
PGP key fingerprint = 4B 29 A8 95 A8 82 EA A2 29 CE 68 DE FC EE B6 A0