Bugtraq mailing list archives
wu-ftpd exploit fix
From: adam () IEXPOSURE COM (Adam Maloney)
Date: Thu, 6 May 1999 14:19:48 -0500
We evaluated the source to the exploit, and made some changes to realpath.c (found in the /src directory of the wu-ftpd tarball) After making these changes, we tried the exploits again on 3 different machines (that we were able to compromise before) and could no longer get root. Interestingly enough, from the code that we saw, there was already code in the source to handle buffer overflows, but it wasn't implemented for all of the functions. Niether I nor my company make any guarantees that these changes will fix the buffer overflows. I will say that we have not been able to gain root through the exploit posted since we made these changes. This diff is against wu-ftpd 2.4.2b18 (not a VC distro) Here's the diff: 150c150 < strcpy(result, namebuf); ---
strncpy(result, namebuf, MAXPATHLEN);
158c158 < strcpy(result, namebuf); ---
strncpy(result, namebuf, MAXPATHLEN);
178c178 < strcpy(result, namebuf); ---
strncpy(result, namebuf, MAXPATHLEN);
183c183 < strcpy(result, workpath); ---
strncpy(result, workpath, MAXPATHLEN);
Adam Maloney Systems Administrator Internet Exposure, Inc. [612] 922.3126
Current thread:
- wuftp2.4.2academ beta 12-18 exploit Mixter (May 01)
- Re: wuftp2.4.2academ beta 12-18 exploit Gregory Newby (May 03)
- Re: wuftp2.4.2academ beta 12-18 exploit Mariusz Marcinkiewicz (May 05)
- Re: wuftp2.4.2academ beta 12-18 exploit laq () SWIPNET SE (May 05)
- Re: wuftp2.4.2academ beta 12-18 exploit laq () SWIPNET SEX (May 07)
- wu-ftpd exploit fix Adam Maloney (May 06)
- Re: wu-ftpd exploit fix Jordan Ritter (May 07)
- Debian, Re: wuftp2.4.2academ beta 12-18 exploit A Mennucc1 (May 07)
- Re: wuftp2.4.2academ beta 12-18 exploit Chad Price (May 04)
- Re: wuftp2.4.2academ beta 12-18 exploit Gregory Newby (May 03)