On Wed, Aug 25, 1999 at 09:11:43PM +0200, Josip Rodin wrote: > On Sun, Jul 04, 1999 at 01:38:48PM +0200, Michal Zalewski wrote: > > ---------------------------- > > wu-ftpd 2.5, VR and BeroFTPD > > ---------------------------- > > > > Compromise: remote root > > > > Solution: add strlen() check somewhere > > > > The Debian package of wu-ftpd (2.5.0-3) has just been updated with this > patch: [snip patch] Note that the next release (2.5.0-4) will contain the patch from ftp://ftp.wu-ftpd.org/pub/wu-ftpd/quickfixes/apply_to_2.5.0/ \ mapped.path.overrun.patch (split for readability). This fixes another similar buffer overrun as well. -- Chris Butler e-mail: <chrisbat_private> -------------------------------------------------------------------------- PGP key 9D973385/1024 fingerprint: 047E 3689 387A 8C4B 709C 74A2 7AB3 4869
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:59:40 PDT