proftpd 1.2.0pre6 patch

From: Tymm Twillman (tymmat_private)
Date: Fri Sep 17 1999 - 14:15:11 PDT

    Before I release the exploit, I'd like to give people a chance to fix
    the problem.  Here's the patch.  Note that there are other potential
    problems; I've been in contact with MacGyver and a new version fixing
    this and other stuff should be out within a few days (at this point I
    really have no clue if there are exploits possible for the other issues
    that might allow breakins; please keep up to date and upgrade as soon as
    the new version is available).
    
    Anyhow, here's the patch:
    
    <cut>
    --- proftpd-1.2.0pre6.old/src/main.c	Fri Sep 10 15:49:32 1999
    +++ proftpd-1.2.0pre6/src/main.c	Thu Sep 16 01:50:43 1999
    @@ -379,7 +379,7 @@
     #if PF_ARGV_TYPE == PF_ARGV_WRITEABLE
       /* We can overwrite individual argv[] arguments.  Semi-nice.
        */
    -  snprintf(Argv[0], maxlen, statbuf);
    +  snprintf(Argv[0], maxlen, "%s", statbuf);
       p = &Argv[0][i];
    
       while(p < LastArgv)
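
Review bot: only the `PF_ARGV_TYPE == PF_ARGV_WRITEABLE` branch is changed, so any other branch of this `#if` that passes `statbuf` to a printf-family function as the format argument needs the same `"%s"` fix and should be audited in the same change. Separately, the return value of `snprintf(Argv[0], maxlen, "%s", statbuf)` is ignored and the next line takes `p = &Argv[0][i]` with an `i` computed outside the visible lines. If `i` comes from the length of `statbuf` rather than from what was actually written, a `statbuf` longer than `maxlen` puts `p` past the truncated string, so it is worth clamping `i` to `maxlen - 1` or deriving it from the `snprintf` result before the `while(p < LastArgv)` loop runs.
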
    </cut>
    
    -- that's it.  Amazing how much these little things matter.
    
    -Tymm
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:04:31 PDT