[18374] in bugtraq
Linux port of OpenBSD ftpd patched
daemon@ATHENA.MIT.EDU (Trenholme, Sam)
Fri Dec 29 13:26:09 2000
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-ID: <Pine.LNX.4.30.0012281306060.6498-100000@theophilus.reachin.com>
Date: Thu, 28 Dec 2000 13:13:30 -0800
Reply-To: bugtraq@THEOPHILUS.REACHIN.COM
From: "Trenholme, Sam" <bugtraq@THEOPHILUS.REACHIN.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
I have patched David Madore's Linux port of OpenBSD's ftpd against the
problems present in replydirname(). While the word is that Linux is not
currently exploitable, it is better to be safe than sorry.
I have also patched against the setproctitle() problems previously
reported here, even though they are a non-issue due to the manner David
Madore ported OpenBSD's FTPD to Linux.
The patches are against the 0.2.3 release of ftpd-BSD (David Madore's name
for the port), and are available in RPM format here:
http://www.samiam.org/rpms/
David Madore: Thank you for your hard work porting OpenBSD ftpd to Linux.
I hope an official patched release will come to light soon.
- Sam
