Ronald Wahl wrote: > > On Tue, 9 Feb 1999, RHS Linux User wrote: > > A security vulnerability has been identified in all versions of the wu-ftpd > > server binary shipped with Red Hat Linux. > > Is it possible that the bug is not fixed yet? > > mkdir <verylongname> let the deamon do funny things. Can someone reproduce > this? I looked into the patch that Red Hat included with the new wu-ftpd package. It does implement some checking of the parameters given to the ftp daemon's realpath() routine; however, at the very top of this routine there is an unguarded "strcpy(currpath, pathname)" - the currpath buffer is declared locally of size MAXPATHLEN (4K on Linux, it seems). It looks as if it is still vulnerable.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:34:10 PDT