[3469] in bugtraq
Re: BoS: another two bugs in ftpd
daemon@ATHENA.MIT.EDU (Norman Shulman)
Tue Oct 15 16:36:18 1996
Date: Tue, 15 Oct 1996 15:07:15 -0400
Reply-To: Norman Shulman <norm@border.com>
From: Norman Shulman <norm@border.com>
X-To: Vadim Kolontsov <vadim@tversu.ac.ru>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To: <Pine.NEB.3.95.961015083231.10753B-100000@mailserv.tversu.ac.ru>
On Tue, 15 Oct 1996, Vadim Kolontsov wrote:
> wuftpd can create a core dump in the following two situations too (yes, the dump
> will contain some subset of shadowed passwords):
>
> 2) more than 100 arguments to any executable command (for example, "list")
> (caused by error in ftpd_popen())
>
> .... The second error is present in all versions of BSD's ftpd, wu-ftpd and
> derived (as far as I know).
> Bugfixes are simple: checking for "pw != NULL" in the first case, and
> checking for "argc < 100" in the other one (see sources).
There is a similar error in ftpd_popen() if globbing the arguments produces over 1000.
(The fix is similar too.)
Norm
Norman Shulman Border Network Technologies Inc.
Software Engineer Tel 1 416 368 7157 ext 304
norm@border.com Fax 1 416 368 7178
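
Added example, not part of the original message and not the ftpd source: a simplified model of the two bounds checks discussed in this thread, one when splitting a command line into a fixed-size argument array and one when collecting glob results into a second fixed-size array. The function names `split_args` and `expand_args` and the use of POSIX `glob(3)` are assumptions made for illustration; the array sizes 100 and 1000 come from the thread and are passed in as `max`.

```c
#include <glob.h>
#include <stdlib.h>
#include <string.h>

/* Split cmd in place on whitespace. Returns argc, or -1 when the tokens
 * plus the terminating NULL would not fit in argv[max]. */
int split_args(char *cmd, char *argv[], int max)
{
    int argc = 0;
    char *p = cmd + strspn(cmd, " \t\n");
    if (max < 1)
        return -1;
    while (*p) {
        if (argc >= max - 1)
            return -1;              /* refuse instead of writing past argv[] */
        argv[argc++] = p;
        p += strcspn(p, " \t\n");
        if (*p) *p++ = '\0';
        p += strspn(p, " \t\n");
    }
    argv[argc] = NULL;
    return argc;
}

/* Glob-expand argv[1..] into gargv[max]. Returns the count, or -1 (after
 * freeing its copies) when the results would not fit or glob() fails. */
int expand_args(char *argv[], char *gargv[], int max)
{
    int gargc = 0, ok = (max >= 2 && argv[0] != NULL);
    if (ok) gargv[gargc++] = argv[0];
    for (int i = 1; ok && argv[i] != NULL; i++) {
        glob_t gl;
        if (glob(argv[i], GLOB_NOCHECK, NULL, &gl) != 0) { ok = 0; break; }
        for (size_t j = 0; ok && j < gl.gl_pathc; j++) {
            char *copy = gargc < max - 1 ? malloc(strlen(gl.gl_pathv[j]) + 1) : NULL;
            if (copy == NULL)
                ok = 0;             /* array full or out of memory */
            else
                gargv[gargc++] = strcpy(copy, gl.gl_pathv[j]);
        }
        globfree(&gl);
    }
    if (!ok) {
        while (gargc > 1)
            free(gargv[--gargc]);
        return -1;
    }
    gargv[gargc] = NULL;
    return gargc;
}
```

Both functions reserve the last slot for the terminating NULL, so an array declared with 100 entries accepts at most 99 arguments; a caller should reject the command when either returns -1.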