Bugtraq mailing list archives
wu-ftpd
From: edi () ESC AC AT (Eduard Nigsch)
Date: Sat, 28 Aug 1999 20:37:18 +0200
> I've been browsing through the ftpd code and the overflow is really there. But as soon as I made some tests (using the CWD function), the vulnerable buffer seems to be out of stack space, which turns out to make it impossible to reach the return address.
This is not quite true: The overflown buffer is on the heap, but this doesn't mean you cannot exploit it. 'onefile' and 'Argv', which come next in memory, can be modified to point anywhere you like, and there is more than 1 way to gain root access with this.
> But if it's really true, this problem will not mean anything as a security matter (BeroFTPD and WUftpd are running from inetd so it won't be a DoS).
It actually IS a security problem, but because of the difficulty in exploiting it there should be enough time to upgrade servers before exploits are widespread.
Edi