Re: SECURITY: new wu-ftpd packages available (fwd)

[storner () N-M COM (Henrik Storner)]

Ronald Wahl wrote:
> On Tue, 9 Feb 1999, RHS Linux User wrote:
> > A security vulnerability has been identified in all versions of the wu-ftpd
> > server binary shipped with Red Hat Linux.
>
> Is it possible that the bug is not fixed yet?
>
> mkdir <verylongname> let the deamon do funny things. Can someone reproduce
> this?

I looked into the patch that Red Hat included with the new wu-ftpd
package.
It does implement some checking of the parameters given to the ftp
daemon's realpath() routine; however, at the very top of this routine
there
is an unguarded "strcpy(currpath, pathname)" - the currpath buffer is
declared
locally of size MAXPATHLEN (4K on Linux, it seems).

It looks as if it is still vulnerable.