Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1997_1

Bugtraq archives for 1st quarter (Jan-Mar) 1997: Re: serious security bug in wu-ftpd v2.4

Re: serious security bug in wu-ftpd v2.4

Wietse Venema (wietseporcupine.org)
Sat, 4 Jan 1997 21:42:58 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Apropos of Nothing: "Buffer overflow in the query cgi."
Previous message: Yuri Volobuev: "Irix: netprint story"
In reply to: Aleph One: "serious security bug in wu-ftpd v2.4"
Next in thread: der Mouse: "Re: serious security bug in wu-ftpd v2.4"

The fix as proposed by the author (specific to the dologout()
function) is probably not sufficient.

There are many places where ftpd temporariliy raises its privilege
level and could be tractorbeamed away due to the arrival of a
signal.

Thus, all code fragments that run between seteuid(0) and seteuid(user)
should be considered critical regions. I recommend that all signals
be suspended while ftpd does its critical stuff.

I'm fixing the logdaemon ftpd, which seems to have the same problem.

        Wietse

Next message: Apropos of Nothing: "Buffer overflow in the query cgi."
Previous message: Yuri Volobuev: "Irix: netprint story"
In reply to: Aleph One: "serious security bug in wu-ftpd v2.4"
Next in thread: der Mouse: "Re: serious security bug in wu-ftpd v2.4"