On Wed, 19 Sep 2001, Carolyn Meinel <carolynat_private> wrote: > http://www.techbroker.com/wu261.txt This whole thing is a pretty nice piece of obfuscated C code - it overflows a buffer in itself to execute "rm -rf [...] ~". Also: > At your request, I have sent the developers the intricate details We didn't get anything... > of the hole in wuftpd 2.6.1 (and 2.6.0, but not in 2.5.x as far as > I can see). Not that 2.5.x ever existed... The version after 2.4.2 was 2.6.0. > - During the transition to the 2.6.x releases, the wuftpd > development team redesigned the command processing code > in the daemon. Patched yes, redesigned no. LLaP bero
This archive was generated by hypermail 2b30 : Thu Sep 20 2001 - 09:38:53 PDT