Vulnerability Development
mailing list archives
Re: FTP.EXE format string vulnerability
From: Jarno Huuskonen <Jarno.Huuskonen () uku fi>
Date: Thu, 14 Jun 2001 12:48:55 +0300
On Sun, Jun 10, ByteRage wrote:
> It probably *still* doesn't matter much, but I found
> that the linux (Redhat 6.0 / Kernel 2.4.2) ftp client
> is also vulnerable to format string vulnerabilities :

This has been on vuln-dev or bugtraq earlier.

> example :
> site %x
> NOTE : about my previous post : GET should've been a
> command to the server, like RETR or STOR... however,
> whether it's a working command or not, the format
> string bug still occurs.

This patch might help:
--- netkit-ftp-0.16/ftp/cmds.c-orig Tue Oct 3 09:05:01 2000
+++ netkit-ftp-0.16/ftp/cmds.c Tue Oct 3 09:04:26 2000
@@ -1663,7 +1663,7 @@
len += strlen(strcpy(&buf[len], argv[i]));
}
}
- if (command(buf) == PRELIM) {
+ if (command("%s", buf) == PRELIM) {
while (getreply(0) == PRELIM);
}
}
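Review bot: The context line `len += strlen(strcpy(&buf[len], argv[i]));` at the top of this hunk appends each argument to buf with strcpy, and no length check is visible in these lines, so passing buf as `"%s"` data closes the format string problem but leaves the copy into buf to be confirmed separately. Please check the size of buf against the summed argument lengths, or switch to a bounded copy. Since the hunk changes only this one caller, it would also help to declare command() with a printf-style format attribute (GCC's `__attribute__((format(printf, 1, 2)))`) so the compiler flags any other call site that still passes a non-literal string as the format.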
I think I backported the patch from netkit-ftp-0.17 or something like
that ... or just upgrade to newer netkit-ftp
-Jarno
--
Jarno Huuskonen - System Administrator | Jarno.Huuskonen () uku fi