[9642] in bugtraq
Re: Pro/wuFTPD DoS
daemon@ATHENA.MIT.EDU (CyberPsychotic)
Thu Feb 18 17:51:40 1999
Date: Wed, 17 Feb 1999 23:37:34 +0500
Reply-To: fygrave@tigerteam.net
From: CyberPsychotic <mlists@GIZMO.KYRNET.KG>
X-To: Ultor <Ultor@SOWATECH.COM.PL>, ga <duncan@MULTIMANIA.ORG>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199902151548.PAA20629@poseidon.dcs.napier.ac.uk>
~ This is the bash path overflow (up to 2.0.0) which has been fixed in bash
~ v2.02.
~ > kills patched ProFTPD dead.
~ >
~ Hmmm I think that the problem here isn't overflow in ProFTPD.
~ Here is a proof.
~
The problem IS an overflow in ProFTPD. I've sent a detailed report to
bugtraq a few days ago, but somewhy it still hasn't appeared on the list.
To be quick, the problem sits in fs.c:fs_dircat() routine, which doesn't
make boundary checks while concatenating directory names.
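
The class of bug named above, as an added example that is not part of the original post and is not ProFTPD source: an unchecked directory concatenation beside a bounded one. The function names, signatures and path semantics (an absolute second component replaces the first) are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Unchecked pattern (constructed for illustration): nothing relates the
 * input lengths to the size of buf, so long directory names write past
 * its end. */
void dircat_unchecked(char *buf, const char *dir1, const char *dir2)
{
    if (dir2[0] == '/') {
        strcpy(buf, dir2);
    } else {
        strcpy(buf, dir1);
        strcat(buf, "/");
        strcat(buf, dir2);
    }
}

/* Bounded form: works out the required length first and refuses the
 * operation instead of truncating, because a silently truncated path can
 * name a different directory. buf must not overlap dir1 or dir2.
 * Returns 0 on success, -1 on error (buf is then an empty string). */
int dircat_checked(char *buf, size_t buflen, const char *dir1, const char *dir2)
{
    size_t l1, l2, need_sep;

    if (buf == NULL || buflen == 0 || dir1 == NULL || dir2 == NULL)
        return -1;
    buf[0] = '\0';

    l2 = strlen(dir2);
    if (dir2[0] == '/') {                 /* absolute: dir1 is ignored */
        if (l2 >= buflen)
            return -1;
        memcpy(buf, dir2, l2 + 1);
        return 0;
    }

    l1 = strlen(dir1);
    need_sep = (l1 > 0 && dir1[l1 - 1] != '/') ? 1 : 0;
    /* Compare against buflen - l1 so the size check itself cannot wrap. */
    if (l1 >= buflen || need_sep + l2 >= buflen - l1)
        return -1;

    memcpy(buf, dir1, l1);
    if (need_sep)
        buf[l1++] = '/';
    memcpy(buf + l1, dir2, l2 + 1);       /* copies the terminating NUL too */
    return 0;
}
```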