|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
another two bugs in ftpd
Vadim Kolontsov (vadim
tversu.ac.ru)Tue, 15 Oct 1996 08:41:40 +0300
- Messages sorted by: [ date ][ thread ][ subject ][ author ]
- Next message: Alan Cox: "Re: Excellent host SYN-attack fix for BSD hosts"
- Previous message: Vern Paxson: "Re: Excellent host SYN-attack fix for BSD hosts"
- In reply to: Marc Slemko: "Re: bin/1805: Bug in ftpd"
- Next in thread: Norman Shulman: "Re: BoS: another two bugs in ftpd"
Hello, wuftpd can create core dump in two following situation too (yes, dump will contain some subset of shadowed passwords): 1) "pasv" given when user not logged in (caused by error in passive()) 2) more than 100 arguments to any executable command (for example, "list") (caused by error in ftpd_popen()) First error presents in almost all version of bsd's ftpd, wu-ftpd and derived. Second error presents in all versions of bsd's ftpd, wu-ftpd and derived (as far as I know). Bugfixes are simple. Checking for "pw != NULL" in first case, and checking for "argc < 100" in another one (see sources). Best regards, Vadim. P.S. By the way, who knows e-mail of wu-ftpd developer? Mail me, pls... -------------------------------------------------------------------------- Vadim Kolontsov SysAdm/Programmer Tver Regional Center of New Information Technologies Networks Lab
- Next message: Alan Cox: "Re: Excellent host SYN-attack fix for BSD hosts"
- Previous message: Vern Paxson: "Re: Excellent host SYN-attack fix for BSD hosts"
- In reply to: Marc Slemko: "Re: bin/1805: Bug in ftpd"
- Next in thread: Norman Shulman: "Re: BoS: another two bugs in ftpd"