[2351] in Kerberos-V5-bugs

home help back first fref pref prev next nref lref last post

krb5-appl/111: [Vadim Kolontsov ] BoS: another two bugs in ftpd

daemon@ATHENA.MIT.EDU (Sam Hartman)
Tue Oct 15 13:02:07 1996

Resent-From: gnats@rt-11.MIT.EDU (GNATS Management)
Resent-To: krb5-unassigned@RT-11.MIT.EDU
Resent-Reply-To: krb5-bugs@MIT.EDU, Sam Hartman <hartmans@MIT.EDU>
Date: 15 Oct 1996 12:59:33 -0400
From: Sam Hartman <hartmans@MIT.EDU>
To: krb5-bugs@MIT.EDU


>Number:         111
>Category:       krb5-appl
>Synopsis:       ftpd may share bugs with BSD ftpd
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    krb5-unassigned
>State:          open
>Class:          sw-bug
>Submitter-Id:   unknown
>Arrival-Date:   Tue Oct e 13:01:01 EDT 1996
>Last-Modified:
>Originator:
>Organization:
>Release:
>Environment:
>Description:
>How-To-Repeat:
>Fix:
>Audit-Trail:
>Unformatted:

------- Start of forwarded message -------
Resent-Date: Tue, 15 Oct 1996 19:52:47 +1000
Message-Id: <Pine.NEB.3.95.961015083231.10753B-100000@mailserv.tversu.ac.ru>
Date: 	Tue, 15 Oct 1996 08:41:40 +0300
Reply-To: Vadim Kolontsov <vadim@tversu.ac.ru>
From: Vadim Kolontsov <vadim@tversu.ac.ru>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
Resent-Message-Id: <"PIZ7d2.0._h1.ywrOo"@suburbia>
Resent-From: best-of-security@suburbia.net
Resent-Sender: best-of-security-request@suburbia.net
Subject: BoS:      another two bugs in ftpd

Hello,

  wuftpd can create core dump in two following situation too (yes, dump
will contain some subset of shadowed passwords):

1) "pasv" given when user not logged in
   (caused by error in passive())

2) more than 100 arguments to any executable command (for example, "list")
   (caused by error in ftpd_popen())

  First error presents in almost all version of bsd's ftpd, wu-ftpd and
derived. Second error presents in all versions of bsd's ftpd, wu-ftpd and
derived (as far as I know).
  Bugfixes are simple. Checking for "pw != NULL" in first case, and
checking for "argc < 100" in another one (see sources).

Best regards, Vadim.

P.S. By the way, who knows e-mail of wu-ftpd developer? Mail me, pls...
--------------------------------------------------------------------------
Vadim Kolontsov                                          SysAdm/Programmer
Tver Regional Center of New Information Technologies          Networks Lab

------- End of forwarded message -------
home help back first fref pref prev next nref lref last post