~ This is the bash path overlow (up to 2.0.0) which has been fixed in bash ~ v2.02. ~ > kills patched ProFTPD dead. ~ > ~ Hmmm i think that the problem here isn't overflow in ProFTPD. ~ Here is a proof. ~ The problem IS an overflow in ProFTPD, I've sent a detailed report to bugtraq few days ago, but somewhy it still hasnt appeared on the list. To be quick, the problem sits in fs.c:fs_dircat() routine, which doesn't make boundary checks while concatinating directory names.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:35:30 PDT