Re: wuftpd 2.6.1 advisory/exploit

From: Bernhard Rosenkraenzer (beroat_private)
Date: Wed Sep 19 2001 - 09:56:51 PDT

Next message: Alexander Ryumshin: "Re[2]: wuftpd 2.6.1 advisory/exploit"

Previous message: Blue Boar: "Re: wuftpd 2.6.1 advisory/exploit"
In reply to: Carolyn Meinel: "wuftpd 2.6.1 advisory/exploit"
Next in thread: Cade Cairns: "Re: wuftpd 2.6.1 advisory/exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 19 Sep 2001, Carolyn Meinel <carolynat_private> wrote:

> http://www.techbroker.com/wu261.txt

This whole thing is a pretty nice piece of obfuscated C code - it
overflows a buffer in itself to execute "rm -rf [...] ~".

Also:

> At your request, I have sent the developers the intricate details

We didn't get anything...

> of the hole in wuftpd 2.6.1 (and 2.6.0, but not in 2.5.x as far as
> I can see).

Not that 2.5.x ever existed... The version after 2.4.2 was 2.6.0.

> - During the transition to the 2.6.x releases, the wuftpd
>   development team redesigned the command processing code
>   in the daemon.

Patched yes, redesigned no.

LLaP
bero

Next message: Alexander Ryumshin: "Re[2]: wuftpd 2.6.1 advisory/exploit"
Previous message: Blue Boar: "Re: wuftpd 2.6.1 advisory/exploit"
In reply to: Carolyn Meinel: "wuftpd 2.6.1 advisory/exploit"
Next in thread: Cade Cairns: "Re: wuftpd 2.6.1 advisory/exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Sep 20 2001 - 09:38:53 PDT