[18976] in bugtraq
Re: QNX RTP ftpd stack overflow
daemon@ATHENA.MIT.EDU (Kris Kennaway)
Fri Feb 2 20:43:38 2001
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
protocol="application/pgp-signature"; boundary="y0ulUmNC+osPPQO6"
Content-Disposition: inline
Message-Id: <20010202150431.A6524@xor.obsecurity.org>
Date: Fri, 2 Feb 2001 15:04:31 -0800
Reply-To: Kris Kennaway <kris@OBSECURITY.ORG>
From: Kris Kennaway <kris@OBSECURITY.ORG>
X-To: Przemyslaw Frasunek <venglin@freebsd.lublin.pl>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20010202200309.X675@riget.scene.pl>; from
venglin@FREEBSD.LUBLIN.PL on Fri, Feb 02, 2001 at 08:03:09PM +0100
--y0ulUmNC+osPPQO6
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
On Fri, Feb 02, 2001 at 08:03:09PM +0100, Przemyslaw Frasunek wrote:
> BTW. Old BSD derived ftpd is also used in opieftpd and SSLftpd. Both are
> vulnerable to this attack.
In case anyone is wondering how old is old:
----------------------------
revision 1.5
date: 1996/11/20 22:12:50; author: pst; state: Exp; lines: +9 -5
Truncate argument list to avoid buffer overflows.
Cannidate for: 2.1 and 2.2
----------------------------
Kris
--y0ulUmNC+osPPQO6
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org
iD8DBQE6ezz/Wry0BWjoQKURAjTdAKCfbmY6b/zSkBvv4iQjTwCfaCpbrgCfUNDE
bVIk1wFhfWG4p9uCwGHk42Q=
=+o2F
-----END PGP SIGNATURE-----
--y0ulUmNC+osPPQO6--
