Re: Possible WU-ftpd Worm ?

From: Gregory A Lundberg (lundberg@WU-FTPD.ORG)
Date: Wed Apr 14 1999 - 10:51:46 PDT


    On Wed, 14 Apr 1999, Stu Alchor wrote:
    
    > As I've run the old ftp exploit I found in the bugtraq and they didn't
    > work so I thought we were not vulnerable. I will attach the core of
    > the ftp worm (SDI-wu.c), the exploit for the vulnerability, which,
    > btw, worked in my host.
    
    >   strcpy ( tmp, "MKD "); strcat ( tmp, buff); strcat ( tmp, "\n");
    
    This is the realpath() overflow discussed in
    
      http://www.cert.org/advisories/CA-99-03-FTP-Buffer-Overflows.html
    
    Please review that document to determine if your version of the WU-FTPD
    daemon is vulnerable.
    
    The addition of a backdoor (if true) is new, however.
    
    Anyone wishing to discuss this matter may contact me through either of the
    WU-FTPD discussion lists cc'd above or through private email.
    
    
    
    The location of the latest version of wu-ftpd can be found in the
    directory
    
          ftp://ftp.vr.net/pub/wu-ftpd/
    
    wu-ftpd Resource Center:  http://www.landfield.com/wu-ftpd/
    wu-ftpd FAQ:              http://www.cetis.hvu.nl/~koos/wu-ftpd-faq.html
    wu-ftpd list archive:     http://www.landfield.com/wu-ftpd/mail-archive/
    
    --
    
    Gregory A Lundberg
    1441 Elmdale Drive              lundberg@wu-ftpd.org
    Kettering, OH 45409-1615 USA    1-888-977-5370
    


