Re: SECURITY: new wu-ftpd packages available (fwd)

From: Tomasz Grabowski (cadenceat_private)
Date: Wed Feb 17 1999 - 04:01:07 PST

Next message: Larry W. Cashdollar: "snap utility for AIX."

Previous message: der Mouse: "Re: ISSalert: ISS Security Advisory: Buffer Overflow in "Super""
Maybe in reply to: RHS Linux User: "SECURITY: new wu-ftpd packages available (fwd)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 12 Feb 1999, Henrik Storner wrote:

> I looked into the patch that Red Hat included with the new wu-ftpd
> package.
> It does implement some checking of the parameters given to the ftp
> daemon's realpath() routine; however, at the very top of this routine
> there
> is an unguarded "strcpy(currpath, pathname)" - the currpath buffer is
> declared
> locally of size MAXPATHLEN (4K on Linux, it seems).
>
> It looks as if it is still vulnerable.


I think that You are wrong.
Look at the ftpd.c code.
The *pathname can only have up to 250 chars while curpath[1024] ;)


---
Tomasz Grabowski  (0-91)4333950
Akademickie Centrum Informatyki
mailto:cadenceat_private

Next message: Larry W. Cashdollar: "snap utility for AIX."
Previous message: der Mouse: "Re: ISSalert: ISS Security Advisory: Buffer Overflow in "Super""
Maybe in reply to: RHS Linux User: "SECURITY: new wu-ftpd packages available (fwd)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:35:23 PDT