[9453] in bugtraq
Re: Netect Advisory: palmetto.ftpd - remote root overflow
daemon@ATHENA.MIT.EDU (bugtraq mailing list account)
Tue Feb 9 20:06:32 1999
Date: Tue, 9 Feb 1999 16:09:08 -0800
Reply-To: bugtraq mailing list account <bugtraq@ANKH.SAMIAM.ORG>
From: bugtraq mailing list account <bugtraq@ANKH.SAMIAM.ORG>
X-To: Jordan Ritter <jpr5@NETECT.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.BSF.4.05.9902091117490.27505-100000@mail.us.netect.com>
I would like to thank Jordan for making this information public, and
making available pointers to updated versions of ftpd that do not have
these problems.
Since I did not find a RedHat-4.2 compatible RPM of the latest "vr"
release of wu-ftpd, I took the libery of making an updated ftpd RPM
myself. This is a "quick and dirty" RPM, and does not, AFAIK, properly
use PAM, and assumes that you are using a standard shadowed system.
One advantage of this version of ftpd, in addition to fixing the long
directory problem, is that /etc/ftpaccess actually works.
RPMs of wu-ftpd-beta18-VR13 here:
http://www.samiam.org/blackdragon
Hopefully, RedHat will have some more PAM-friendly RPMs available soon for
both 5.2 and 4.2 systems.
- Sam
