Bugtraq mailing list archives
Re: ProFTPD
From: pb () ECLIPSE CERTIX FR (pb () ECLIPSE CERTIX FR)
Date: Wed, 1 Sep 1999 11:35:11 +0200
Hi,

Note that user takes the value "user@host" given at password prompt for anonymous access (forgetting any potential dns attacks into remhost).

This allows anyone to smash the stack just with an anonymous access and a file to download. (see last published exploits.)

Regards,
Pascal

On Mon, Aug 30, 1999 at 07:42:44PM +1200, Nic Bellamy wrote:
- sprintf(buf,"%s %d %s %lu %s %c _ %c %c %s ftp 0 *\n", + snprintf(buf,sizeof(buf),"%s %d %s %lu %s %c _ %c %c %s ftp 0 *\n", fmt_time(time(NULL)),xfertime,remhost,fsize, fname,xfertype,direction,access,user); To exploit the bug, the attacker must have permission to create directories and store files. Regards, Nic. -- Nic Bellamy <sky () wibble net> J. Random Coder.
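Review bot: the return value of the new snprintf(buf,sizeof(buf),...) call is not checked, so when remhost, fname or user is long the line is silently truncated and the entry loses its trailing "ftp 0 *\n" fields and newline, which runs it into the next log record. Compare the result against sizeof(buf), treating a negative return as truncation too since pre-C99 snprintf implementations differ, and either drop the record or terminate it explicitly. sizeof(buf) is also only the buffer size if buf is an array declared in this scope; the declaration is not visible in the hunk, so confirm it is not a pointer. Separately, fname and user are written with a bare %s into a space-delimited line, and per the reply above user is the string typed at the anonymous password prompt, so spaces or newlines in either can split or forge log fields; escaping them before formatting would close that.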
--
Pascal Bouchareine
Systems/network administration - CERTIX
Tel: +33 1 40 34 43 57
Fax: +33 1 40 35 09 98