On Thu 7. March 2002 15:18, H D Moore wrote: > YES. wu-ftpd will call compress with the file name as an argument if you > request the file name ending in .Z. You have to be able to write out a file > name containing the shell code to exploit the bug. The problem is that the file have to be 1100 chars long , with the shellcode within. But wu-ftpd doesn`t allow/handle so long filenames. > I mentioned the compress bug back in 1998 and again in 2000, it finally > got fixed on some of the newer SuSE releases (not sure about Red Hat, >I dont use it). Compress in Red Hat 7.1 and 7.2 isnt fixed to this bug. -- +-+-+-+-+-+-+-+-+-+-+-+ Were All Born Original Most Die As Copies +-+-+-+-+-+-+-+-+-+-+-+
This archive was generated by hypermail 2b30 : Thu Mar 07 2002 - 16:56:37 PST