Bugtraq mailing list archives

Re: Netect Advisory: palmetto.ftpd - remote root overflow

From: bugtraq () ANKH SAMIAM ORG (bugtraq mailing list account)
Date: Tue, 9 Feb 1999 16:09:08 -0800


I would like to thank Jordan for making this information public, and
making available pointers to updated versions of ftpd that do not have
these problems.

Since I did not find a RedHat-4.2 compatible RPM of the latest "vr"
release of wu-ftpd, I took the libery of making an updated ftpd RPM
myself.  This is a "quick and dirty" RPM, and does not, AFAIK, properly
use PAM, and assumes that you are using a standard shadowed system.

One advantage of this version of ftpd, in addition to fixing the long
directory problem, is that /etc/ftpaccess actually works.

RPMs of wu-ftpd-beta18-VR13 here:

        http://www.samiam.org/blackdragon

Hopefully, RedHat will have some more PAM-friendly RPMs available soon for
both 5.2 and 4.2 systems.

- Sam

Current thread:

FakeBo 0.3.1 & nmap, (continued)
- FakeBo 0.3.1 & nmap Michael (Feb 08)
- Spoofed Yahoo web site - www.yaho.co.uk Paul Murphy (Feb 08)
  - Re: Spoofed Yahoo web site - www.yaho.co.uk Paul McGovern (Feb 09)
- Re: ISS Internet Scanner Cannot be relied upon for conclusive Christopher Masto (Feb 08)
- Re: ISS Internet Scanner Cannot be relied upon for conclusive David LeBlanc (Feb 09)
  - Re: ISS Internet Scanner Cannot be relied upon for conclusive Darren Reed (Feb 10)
    - Re: ISS Internet Scanner Cannot be relied upon for conclusive David LeBlanc (Feb 10)
    - Re: ISS Internet Scanner Cannot be relied upon for conclusive Darren Reed (Feb 12)
  - NetApp Filer software versions 5.x: potential hardware killer Jason Downs (Feb 10)
- Netect Advisory: palmetto.ftpd - remote root overflow Jordan Ritter (Feb 09)
  - Re: Netect Advisory: palmetto.ftpd - remote root overflow bugtraq mailing list account (Feb 09)
- Re: ISS Internet Scanner Cannot be relied upon for conclusive Mr. joej (Feb 08)
  - Re: ISS Internet Scanner Cannot be relied upon for conclusive David LeBlanc (Feb 09)
    - Re: ISS Internet Scanner Cannot be relied upon for conclusive Casper Dik (Feb 09)
    - Re: ISS Internet Scanner Cannot be relied upon for conclusive David LeBlanc (Feb 10)
    - sl0scan (ambiguous source portscanner) miff (Feb 09)
- Re: ISS Internet Scanner Cannot be relied upon for conclusive Ryan Russell (Feb 08)
- Re: ISS Internet Scanner Cannot be relied upon for conclusive der Mouse (Feb 09)
  - Re: ISS Internet Scanner Cannot be relied upon for conclusive Darren Reed (Feb 10)
    - Re: ISS Internet Scanner Cannot be relied upon for conclusive Joel Eriksson (Feb 12)
  - Re: ISS Internet Scanner Cannot be relied upon for conclusive Randy Taylor (Feb 10)

(Thread continues...)