[9503] in bugtraq
Re: [proftpd-l] root compromise ? (fwd)
daemon@ATHENA.MIT.EDU (Rodrigo Campos)
Fri Feb 12 12:51:00 1999
Date: Tue, 9 Feb 1999 21:20:01 -0200
Reply-To: Rodrigo Campos <camposr@MATRIX.COM.BR>
From: Rodrigo Campos <camposr@MATRIX.COM.BR>
To: BUGTRAQ@NETSPACE.ORG
Information regarding the root exploit in various ftp daemons, including
proftpd.
--
________________________
Rodrigo Albani de Campos [i.constantly.invent.myself]
Matrix Internet - NOC
---------- Forwarded message ----------
Date: Tue, 09 Feb 1999 17:11:55 -0500
From: Jay Soffian <jay@cimedia.com>
Reply-To: proftpd-l@evcom.net
To: proftpd-l@evcom.net,
camposr@matrix.com.br
Subject: Re: [proftpd-l] root compromise ?
"Rodrigo" == Rodrigo Campos <camposr@matrix.com.br> writes:
Rodrigo> Is the information supplied in
Rodrigo> http://www.netect.com/advisory_0209.html correct ?
Rodrigo> I've found nothing in the list archives.
There is a patch available at ftp://ftp.proftpd.org/patches/
Basically wherever the code uses the strcat function, it has been
changed to use sstrcat function which imposes a maximum length on
pathnames.
I don't know if proftpd is compromisable w/o the patch or not as I
have not reviewed it that thouroughly. Also, it appears that the
comprimise (if one exists) is only available after login. So if don't
allow anonymous logins, you only have to worry about your local users.
This may all be wrong. I've only briefly examined the patch.
j.
--
Jay Soffian <jay@cimedia.com> UNIX Systems Administrator
404.572.1941 Cox Interactive Media
