On Sun, Jun 10, ByteRage wrote:
>
> It probably *still* doesn't matter much, but I found
> that the linux (Redhat 6.0 / Kernel 2.4.2) ftp client
> is also vulnerable to format string vulnerabilities :

This has been on vuln-dev or bugtraq earlier.

> example :
>
> site %x
>
> NOTE : about my previous post : GET should've been a
> command to the server, like RETR or STOR... however,
> whether it's a working command or not, the format
> string bug still occurs.

This patch might help:

--- netkit-ftp-0.16/ftp/cmds.c-orig Tue Oct 3 09:05:01 2000 +++ netkit-ftp-0.16/ftp/cmds.c Tue Oct 3 09:04:26 2000 @@ -1663,7 +1663,7 @@ len += strlen(strcpy(&buf[len], argv[i])); } } - if (command(buf) == PRELIM) { + if (command("%s", buf) == PRELIM) { while (getreply(0) == PRELIM); } }

I think I backported the patch from netkit-ftp-0.17 or something like
that ... or just upgrade to newer netkit-ftp

-Jarno

--
Jarno Huuskonen - System Administrator | Jarno.Huuskonenat_private
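Review bot: the one-line change at `if (command(buf) == PRELIM)` in cmds.c fixes only this caller, and nothing in the patch prevents the same mistake elsewhere: any other call that passes command() a buffer built from user arguments as its first argument is still a format string. Suggest auditing every command( call under ftp/ for a non-literal first argument, and declaring command() with the compiler's printf format attribute so that -Wformat flags future cases. Separately, the context line `len += strlen(strcpy(&buf[len], argv[i]));` copies each argv[i] into buf with no length check visible in this hunk; worth confirming that buf is bounded before this loop runs.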
This archive was generated by hypermail 2b30 : Thu Jun 14 2001 - 14:34:23 PDT