Bugtraq: Re: wu-ftpd beta 13 Upload Ownership/Permissions Bug

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: wu-ftpd beta 13 Upload Ownership/Permissions Bug

From: zilbauer () CTHULHU EUROPA COM (Robert Zilbauer)
Date: Fri, 20 Jun 1997 12:03:09 -0700


At 11:55 PM 6/19/97 -0500, Michael Brennen wrote:

There is a potentially serious bug in ftpd.c in wu-ftpd beta 13.  I have
no idea if it exists in previous betas.  I don't think this was a problem
in beta 11, but I've not kept any older source.  If you are not running
beta 13, check this against your source.

[...snip...]

If upload directive processing fails for the anonymous user, sites that
depend on upload directives to properly set incoming file permissions
could find their site security compromised.


Upload directives work fine in beta 12. Must be a new addition to b13.

-----
Robert C. Zilbauer, Jr.                          Europa Communications Inc
Primary: zilbauer () europa com                   Secondary: zilbauer () efn org

          "Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn."

By Date By Thread

Current thread:

wu-ftpd beta 13 Upload Ownership/Permissions Bug PLaGuEZ (Jan 01)
- listserv buffer overflow(s) Tom Guptill (Jun 20)
- <Possible follow-ups>
- wu-ftpd beta 13 Upload Ownership/Permissions Bug Michael Brennen (Jun 19)
- Re: wu-ftpd beta 13 Upload Ownership/Permissions Bug Robert Zilbauer (Jun 20)