Bugtraq: Re: Fw: Remote bufferoverflow exploit for ftpd from AIX 4.3.2

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: Fw: Remote bufferoverflow exploit for ftpd from AIX 4.3.2

From: wfp5p () CTHULHU ITC VIRGINIA EDU (Bill Pemberton)
Date: Wed, 29 Sep 1999 15:49:12 -0400


W.H.J.Pinckaers writes:


sq01 () Yorku Ca <sq01 () Yorku Ca> Wrote

Hi,


Short of disabling ftpd completely, is there a work-around that will not
affect our users ?



At this time: NO, but please make sure you are vulnerable first, we
did discover that this bug is very specific for AIX 4.3.2. (Most other
AIX versions aren't vulnerable to this particular bug)


Actually, IBM does have an efix for this at:

ftp://aix.software.ibm.com/aix/efixes/security/ftpd.tar.Z


--
Bill Pemberton                                 wfp5p () virginia edu
ITC/Unix Systems                               flash () virginia edu
University of Virginia

By Date By Thread

Current thread:

Re: Fw: Remote bufferoverflow exploit for ftpd from AIX 4.3.2 running on an RS6000. (power) W.H.J.Pinckaers (Sep 29)
- Updated Allaire Security Zone Bulletin and Patch Available Aleph One (Sep 29)
- Re: Fw: Remote bufferoverflow exploit for ftpd from AIX 4.3.2 Bill Pemberton (Sep 29)
- Re: Fw: Remote bufferoverflow exploit for ftpd from AIX 4.3.2 running on an RS6000. (power) Troy A. Bollinger (Sep 29)
- Re: Fw: Remote bufferoverflow exploit for ftpd from AIX 4.3.2 running on an RS6000. (power) Keith Stevenson (Sep 29)