Re: Pro/wuFTPD DoS

From: CyberPsychotic (mlistsat_private)
Date: Wed Feb 17 1999 - 10:37:34 PST


    ~ This is the bash path overflow (up to 2.0.0) which has been fixed in bash
    ~ v2.02.
    
    ~ > kills patched ProFTPD dead.
    ~ >
    ~ Hmmm I think that the problem here isn't overflow in ProFTPD.
    ~ Here is a proof.
    ~
    
    
     The problem IS an overflow in ProFTPD. I sent a detailed report to
    bugtraq a few days ago, but for some reason it still hasn't appeared on the list.
    To be quick, the problem sits in the fs.c:fs_dircat() routine, which doesn't
    make boundary checks while concatenating directory names.
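
Added example, not part of the original message and not ProFTPD source: a constructed sketch of the unchecked directory-concatenation pattern the post describes, next to a version that checks the total length before writing. The names `unchecked_dircat` and `bounded_dircat`, the signatures and the sample paths are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed illustration of the bug class: nothing relates the length of
 * dir1 + "/" + dir2 to the size of buf, so a long name writes past it. */
void unchecked_dircat(char *buf, const char *dir1, const char *dir2)
{
    strcpy(buf, dir1);
    strcat(buf, "/");
    strcat(buf, dir2);
}

/* Hypothetical hardened form: joins dir1 and dir2 into buf (capacity buflen,
 * NUL included). Returns 0 on success, -1 if the result would not fit, in
 * which case buf is left as an empty string instead of a truncated path. */
int bounded_dircat(char *buf, size_t buflen, const char *dir1, const char *dir2)
{
    size_t l1, l2, need_sep;

    if (buf == NULL || buflen == 0 || dir1 == NULL || dir2 == NULL)
        return -1;
    buf[0] = '\0';
    if (dir2[0] == '/') {            /* absolute component replaces dir1 */
        dir1 = "";
    }
    l1 = strlen(dir1);
    l2 = strlen(dir2);
    need_sep = (l1 > 0 && dir1[l1 - 1] != '/') ? 1 : 0;

    /* Check the whole result before copying; compare against the space
     * remaining after dir1 so the arithmetic cannot wrap. */
    if (l1 >= buflen || need_sep + l2 >= buflen - l1)
        return -1;

    memcpy(buf, dir1, l1);
    if (need_sep)
        buf[l1++] = '/';
    memcpy(buf + l1, dir2, l2 + 1);  /* includes the terminating NUL */
    return 0;
}

int main(void)
{
    char buf[16];                    /* constructed sample input below */
    int rc = bounded_dircat(buf, sizeof buf, "/home/ftp", "pub");
    printf("%d %s\n", rc, buf);
    return 0;
}
```

Failing closed on an over-long path, rather than truncating, avoids handing later file operations a path that differs from the one the client requested.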
    


