On Thu, 6 May 1999, Adam Maloney wrote: > We evaluated the source to the exploit, and made some changes to > realpath.c (found in the /src directory of the wu-ftpd tarball) hate to tell you this, but these things have already been fixed, and by several in parallel. latest vr series ftpd, with redhat's changes merged in: ftp://ftp.vr.net/pub/wu-ftpd/wu-ftpd-2.4.2-vr17.tar.gz > Interestingly enough, from the code that we saw, there was already > code in the source to handle buffer overflows, but it wasn't > implemented for all of the functions. not to mention path-filter Jordan Ritter Network Security Engineer Netect/Bindview Corp Boston, MA "Quis custodiet ipsos custodes?"
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:45:22 PDT