[3461] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

another two bugs in ftpd

daemon@ATHENA.MIT.EDU (Vadim Kolontsov)
Tue Oct 15 01:52:04 1996

Date: 	Tue, 15 Oct 1996 08:41:40 +0300
Reply-To: Vadim Kolontsov <vadim@tversu.ac.ru>
From: Vadim Kolontsov <vadim@tversu.ac.ru>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To:  <Pine.BSF.3.95.961014121116.4318C-100000@alive.ampr.ab.ca>

Hello,

  wuftpd can create core dump in two following situation too (yes, dump
will contain some subset of shadowed passwords):

1) "pasv" given when user not logged in
   (caused by error in passive())

2) more than 100 arguments to any executable command (for example, "list")
   (caused by error in ftpd_popen())

  First error presents in almost all version of bsd's ftpd, wu-ftpd and
derived. Second error presents in all versions of bsd's ftpd, wu-ftpd and
derived (as far as I know).
  Bugfixes are simple. Checking for "pw != NULL" in first case, and
checking for "argc < 100" in another one (see sources).

Best regards, Vadim.

P.S. By the way, who knows e-mail of wu-ftpd developer? Mail me, pls...
--------------------------------------------------------------------------
Vadim Kolontsov                                          SysAdm/Programmer
Tver Regional Center of New Information Technologies          Networks Lab


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[3461] in bugtraq

another two bugs in ftpd

daemon@ATHENA.MIT.EDU (Vadim Kolontsov)Tue Oct 15 01:52:04 1996

daemon@ATHENA.MIT.EDU (Vadim Kolontsov)
Tue Oct 15 01:52:04 1996