Re: [proftpd-l] root compromise ? (fwd)

[camposr () MATRIX COM BR (Rodrigo Campos)]

Information regarding the root exploit in various ftp daemons, including
proftpd.

--
________________________
Rodrigo Albani de Campos                      [i.constantly.invent.myself]
Matrix Internet - NOC

---------- Forwarded message ----------
Date: Tue, 09 Feb 1999 17:11:55 -0500
From: Jay Soffian <jay () cimedia com>
Reply-To: proftpd-l () evcom net
To: proftpd-l () evcom net,
    camposr () matrix com br
Subject: Re: [proftpd-l] root compromise ?

 "Rodrigo" == Rodrigo Campos <camposr () matrix com br> writes:

Rodrigo> Is the information supplied in
Rodrigo> http://www.netect.com/advisory_0209.html correct ?

Rodrigo> I've found nothing in the list archives.

There is a patch available at ftp://ftp.proftpd.org/patches/

Basically wherever the code uses the strcat function, it has been
changed to use sstrcat function which imposes a maximum length on
pathnames.

I don't know if proftpd is compromisable w/o the patch or not as I
have not reviewed it that thouroughly. Also, it appears that the
comprimise (if one exists) is only available after login. So if don't
allow anonymous logins, you only have to worry about your local users.

This may all be wrong. I've only briefly examined the patch.

j.
--
Jay Soffian <jay () cimedia com>                       UNIX Systems Administrator
404.572.1941                                             Cox Interactive Media