Bugtraq mailing list archives
Debian, Re: wuftp2.4.2academ beta 12-18 exploit
From: msm () TONELLI SNS IT (A Mennucc1)
Date: Fri, 7 May 1999 13:25:11 +0200
On Mon, May 03, 1999 at 08:11:00PM -0400, Gregory Newby wrote:
> Workaround: wu-ftpd and variants that use files /etc/ftp* for configuration can easily help protect you against the many recent variants that exploit buffer overflows with MKDIR. All the varieties I've seen require creating a directory or file - that's where the overflow happens. In /etc/ftpaccess, you have the option to specify
>
> SNIP
>
> mkdir no anonymous
> upload no anonymous

Beware for Debian GNU/Linux (my version is wu-2.4.2-academ[BETA-16]): the line mkdir... is silently ignored and has no effect, and the line upload... has a completely different syntax:

```
upload <root-dir> <dirglob> <yes|no> <owner> <group> <mode> ["dirs"|"nodirs"]
    Define a directory with <dirglob> that permits or denies uploads.
```

a.m.

--
Legal Warning: Anyone sending me unsolicited/commercial email WILL be charged a $100 proof-reading fee. Do NOT send junk email to me - consider this an official notice: "By US Code Title 47, Sec.227(a)(2)(B), a computer/modem/printer meets the definition of a telephone fax machine. By Sec.227(b)(1)(C), it is unlawful to send any unsolicited advertisement to such equipment. By Sec.227(b)(3)(C), a violation of the aforementioned Section is punishable by action to recover actual monetary loss, or $500, whichever is greater, for each violation."
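
A check for the caveat in the message above, as an added example that is not part of the original post and not wu-ftpd code: it lints an ftpaccess file for `mkdir` lines (reported as ignored on this build) and for `upload` lines that do not fit the quoted syntax. The function name, the sample config, and the assumption that a `no` rule may omit owner, group and mode are assumptions of this example.

```python
# Directives the post reports as silently ignored on wu-2.4.2-academ[BETA-16]
# (Debian). Only "mkdir" is listed because it is the only one the post names.
IGNORED = {"mkdir"}


def lint_ftpaccess(text):
    """Return a list of (line_no, message) findings; line_no 0 = whole file."""
    findings = []
    has_deny_rule = False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        name, args = fields[0].lower(), fields[1:]
        if name in IGNORED:
            findings.append((no, "'%s' is silently ignored by this build" % name))
        elif name == "upload":
            # Syntax quoted in the post:
            # upload <root-dir> <dirglob> <yes|no> <owner> <group> <mode> ["dirs"|"nodirs"]
            ok = (len(args) >= 3 and args[0].startswith("/")
                  and args[2].lower() in ("yes", "no"))
            if ok and args[2].lower() == "yes" and len(args) < 6:
                ok = False                       # "yes" needs owner, group, mode
            if ok and len(args) > 6 and args[6] not in ("dirs", "nodirs"):
                ok = False
            if not ok:
                findings.append((no, "upload line does not match "
                                     "<root-dir> <dirglob> <yes|no> ..."))
            elif args[2].lower() == "no":
                # Assumption: a deny rule may omit owner/group/mode.
                has_deny_rule = True
    if not has_deny_rule:
        findings.append((0, "no well-formed 'upload ... no' rule found"))
    return findings


# Constructed sample config (not from the post).
SAMPLE = """\
# constructed sample
class all real,guest,anonymous *
mkdir no anonymous
upload no anonymous
upload /home/ftp * no
upload /home/ftp /incoming yes ftp daemon 0666 nodirs
"""

if __name__ == "__main__":
    for no, msg in lint_ftpaccess(SAMPLE):
        print("line %d: %s" % (no, msg))
```
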