Bugtraq: Re: [patch] ProFTPd remote root exploit

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: [patch] ProFTPd remote root exploit

From: jpr5 () DARKRIDGE COM (Jordan Ritter)
Date: Mon, 30 Aug 1999 13:57:29 -0400


On Mon, 30 Aug 1999, Nic Bellamy wrote:

      tracked this problem to an sprintf() into a buffer on the stack
in the log_xfer() routine in src/log.c. Gotta love it. Sigh.


What's interesting to note is that I notified the contact at ProFTPd of
this exact overflow back during the last ftpd fiasco (there was more than
one way to break proftpd).  Assuming that you're making this assertion
from the absolute latest source available, I'd say it's unfortunate that
this wasn't dealt with many months ago.

--jordan

By Date By Thread

Current thread:

Re: [patch] ProFTPd remote root exploit Jordan Ritter (Aug 30)
- Re: [patch] ProFTPd remote root exploit Dan Stromberg (Sep 01)
- [ Kernel panic with FreeBSD-3.2-19990830-STABLE ] Sebastien Petit (Sep 02)