On Mon, 3 May 1999, Gregory Newby wrote: > wu-ftpd and variants that use files /etc/ftp* for configuration > can easily help protect you against the many recent variants that > exploit buffer overflows with MKDIR. All the varieties I've > seen require creating a directory or file - that's where the > overflow happens. khmm, and what about local users? they can get root still and more: I don't need +w access on ftp, if I create dirs in $home and telnet 0 21 I can get root by simple RMD ok, that's better protection then patches (all I've seen didn't work) but you have bug still, not remote but bug always... if you wanna be secure you have to install new ftpd greetz -- tmoggat_private
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:45:04 PDT