[15439] in bugtraq
Re: WuFTPD: Providing *remote* root since at least 1994
daemon@ATHENA.MIT.EDU (Bernhard Rosenkraenzer)
Fri Jun 23 15:51:57 2000
Mime-Version: 1.0
Content-Type: MULTIPART/MIXED; BOUNDARY="279710978-786788563-961719611=:25605"
Message-Id: <Pine.LNX.4.21.0006230217250.25605-200000@bochum.redhat.de>
Date: Fri, 23 Jun 2000 02:20:11 +0200
Reply-To: Bernhard Rosenkraenzer <bero@REDHAT.DE>
From: Bernhard Rosenkraenzer <bero@REDHAT.DE>
X-To: Elias Levy <aleph1@securityfocus.com>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20000622154402.G11033@securityfocus.com>
--279710978-786788563-961719611=:25605
Content-Type: TEXT/PLAIN; charset=US-ASCII
On Thu, 22 Jun 2000, Elias Levy wrote:
> /* - wuftpd2600.c
> * VERY PRIVATE VERSION. DO NOT DISTRIBUTE. 15-10-1999
This should fix it... Since the exploit never worked for me in the first
place and I haven't taken the time to fix it yet (fixing the bug is more
important than fixing the exploit, I guess ;) ), it's unverified though.
LLaP
bero
--279710978-786788563-961719611=:25605
Content-Type: TEXT/PLAIN; charset=US-ASCII; name="wu-ftpd-2.6.0-security.patch"
Content-Transfer-Encoding: BASE64
Content-ID: <Pine.LNX.4.21.0006230220110.25605@bochum.redhat.de>
Content-Description: fix
Content-Disposition: attachment; filename="wu-ftpd-2.6.0-security.patch"
--279710978-786788563-961719611=:25605--