In response to Luck Martins' report of a buffer overflow in WFTPD 2.40 and 2.34, we can confirm that this error does exist. Our initial tests suggest that it is more of a 'denial-of-service' nature, rather than an exploit allowing an attacker to load their own code into memory - the access that generates the fault is overwriting a single null byte into heap space, rather than stack space. We've been working on this problem over the weekend, coinciding as it has with our intent to release a new version, 2.41, early this week. We are completing regression testing and beta testing and will be releasing the new version later today. Alun Jones President, Texas Imperial Software.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:09:29 PDT