Bugtraq mailing list archives
Re: Pro/wuFTPD DoS
From: abelits () PHOBOS ILLTEL DENVER CO US (Alex Belits)
Date: Sun, 21 Feb 1999 23:30:38 -0800
On Sun, 21 Feb 1999, Chris Wedgwood wrote:
I think I will probably write it again, since I don't I have it saved somewhere. There's nothing fascinating actually. This seem to be a heap buffer overflow, which smashes pointers to the dirnames (thus you could probably get access to files outsite chrooted envinronment):Could someone please clue me in on how this might be so, assuming *ftpd correctly chroot's itself then relinquishes permissions?
There is a claim in the description of that hole, that wu-ftpd doesn't relinquish permissions properly, changing the uid "temporarily". I assume, it means that saved uid is not changed at that point, however I haven't checked in the source, if this is true. -- Alex ---------------------------------------------------------------------- Excellent.. now give users the option to cut your hair you hippie! -- Anonymous Coward
Current thread:
- ANNOUNCE: Net::RawIP 0.06 has been released, (continued)
- ANNOUNCE: Net::RawIP 0.06 has been released Sergey V. Kolychev (Feb 22)
- Summary: Copyright on Security advisories Aviram Jenik (Feb 22)
- Re: Process table attack (from RISKS Digest) Dug Song (Feb 22)
- NetBus client 1.x overflow Daniel Rosowski (Feb 22)
- Re: Process table attack (from RISKS Digest) James Lockwood (Feb 22)
- Re: Process table attack (from RISKS Digest) Dirk Moerenhout (Feb 22)
- Re: Process table attack (from RISKS Digest) unknown () RIVERSTYX NET (Feb 22)
- Re: Process table attack (from RISKS Digest) Andrew Hobgood (Feb 22)
- Denial of service process table attacks John Conover (Feb 23)
- Group kmem exploitable? Oliver Xymoron (Feb 23)
- Re: Pro/wuFTPD DoS Alex Belits (Feb 21)
- ISS install.iss security hole Fyodor (Feb 20)
- Re: ISS install.iss security hole Joel Eriksson (Feb 22)
- Preventing remote OS detection Patrick Gilbert (Feb 22)
- Re: Preventing remote OS detection James Lockwood (Feb 22)
- Re: Preventing remote OS detection route () RESENTMENT INFONEXUS COM (Feb 22)
- Re: Preventing remote OS detection Salvatore Sanfilippo (Feb 23)
- Re: ISS install.iss security hole Peter Benie (Feb 22)
- Re: ISS install.iss security hole Michael Warfield (Feb 22)
- BlackHats Advisory -- InterScan VirusWall The Unicorn (Feb 22)
- Microsoft Security Bulletin (MS99-007) aleph1 () UNDERGROUND ORG (Feb 22)