Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock

From: Chris Butler (chrisbat_private)
Date: Sat Aug 28 1999 - 05:17:26 PDT

Next message: R a v e N: "Re: Patch for w98/igmp frag bug (alias kod) and ICMP-type 13"

Previous message: Jesper M. Johansson: "Re: IE 5.0 allows executing programs"
Next in thread: Benjamin Smee: "Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Aug 25, 1999 at 09:11:43PM +0200, Josip Rodin wrote:
> On Sun, Jul 04, 1999 at 01:38:48PM +0200, Michal Zalewski wrote:
> > ----------------------------
> > wu-ftpd 2.5, VR and BeroFTPD
> > ----------------------------
> >
> > Compromise: remote root
> >
> > Solution: add strlen() check somewhere
> >
>
> The Debian package of wu-ftpd (2.5.0-3) has just been updated with this
> patch:

[snip patch]

Note that the next release (2.5.0-4) will contain the patch from
ftp://ftp.wu-ftpd.org/pub/wu-ftpd/quickfixes/apply_to_2.5.0/ \
mapped.path.overrun.patch (split for readability). This fixes another
similar buffer overrun as well.

--
  Chris Butler                       e-mail: <chrisbat_private>
--------------------------------------------------------------------------
PGP key 9D973385/1024 fingerprint: 047E 3689 387A 8C4B 709C 74A2 7AB3 4869

Next message: R a v e N: "Re: Patch for w98/igmp frag bug (alias kod) and ICMP-type 13"
Previous message: Jesper M. Johansson: "Re: IE 5.0 allows executing programs"
Next in thread: Benjamin Smee: "Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:59:40 PDT