Hi, Note that user takes the value "user@host" given at password prompt for anonymous access (forgetting any potential dns attacks into remhost) This allows anyone to smash the stack just with an anonymous access and a file to download. (see last published exploits.) Regards, Pascal On Mon, Aug 30, 1999 at 07:42:44PM +1200, Nic Bellamy wrote: > - sprintf(buf,"%s %d %s %lu %s %c _ %c %c %s ftp 0 *\n", > + snprintf(buf,sizeof(buf),"%s %d %s %lu %s %c _ %c %c %s ftp 0 *\n", > fmt_time(time(NULL)),xfertime,remhost,fsize, > fname,xfertype,direction,access,user); > > To exploit the bug, the attacker must have permission to create > directories and store files. > > Regards, > Nic. > > -- Nic Bellamy <skyat_private> > J. Random Coder. -- Pascal Bouchareine Administration systemes/reseaux - CERTIX Tel: +33 1 40 34 43 57 Fax: +33 1 40 35 09 98
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:01:09 PDT