Information regarding the root exploit in various ftp daemons, including proftpd. -- ________________________ Rodrigo Albani de Campos [i.constantly.invent.myself] Matrix Internet - NOC ---------- Forwarded message ---------- Date: Tue, 09 Feb 1999 17:11:55 -0500 From: Jay Soffian <jayat_private> Reply-To: proftpd-lat_private To: proftpd-lat_private, camposrat_private Subject: Re: [proftpd-l] root compromise ? "Rodrigo" == Rodrigo Campos <camposrat_private> writes: Rodrigo> Is the information supplied in Rodrigo> http://www.netect.com/advisory_0209.html correct ? Rodrigo> I've found nothing in the list archives. There is a patch available at ftp://ftp.proftpd.org/patches/ Basically wherever the code uses the strcat function, it has been changed to use sstrcat function which imposes a maximum length on pathnames. I don't know if proftpd is compromisable w/o the patch or not as I have not reviewed it that thouroughly. Also, it appears that the comprimise (if one exists) is only available after login. So if don't allow anonymous logins, you only have to worry about your local users. This may all be wrong. I've only briefly examined the patch. j. -- Jay Soffian <jayat_private> UNIX Systems Administrator 404.572.1941 Cox Interactive Media
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:33:57 PDT