[15467] in bugtraq
Re: CONECTIVA LINUX SECURITY ANNOUNCEMENT - WU-FTPD (re-release)
daemon@ATHENA.MIT.EDU (Przemyslaw Frasunek)
Sat Jun 24 15:42:33 2000
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <081901bfddab$1c576960$0273b6d4@freebsd.lublin.pl>
Date: Sat, 24 Jun 2000 09:09:16 +0200
Reply-To: Przemyslaw Frasunek <venglin@FREEBSD.LUBLIN.PL>
From: Przemyslaw Frasunek <venglin@FREEBSD.LUBLIN.PL>
To: BUGTRAQ@SECURITYFOCUS.COM
> This is a new release. Our previous -10cl didn't fix the problem.
> wu-ftpd package version 2.6.0 and below has a buffer overflow that can
> be remotely exploited and give an attacker root privileges on the
> remote machine.
This advisory is clueless. This is *NOT* a buffer overflow attack. Exploit uses
vsnprintf() format string to overwrite *arbitrary* chunk of stack or bss.
--
* Fido: 2:480/124 ** WWW: http://www.freebsd.lublin.pl ** NIC-HDL: PMF9-RIPE *
* Inet: venglin@freebsd.lublin.pl ** PGP: D48684904685DF43 EA93AFA13BE170BF *
