Bugtraq mailing list archives
Re: CONECTIVA LINUX SECURITY ANNOUNCEMENT - WU-FTPD (re-release)
From: venglin () FREEBSD LUBLIN PL (Przemyslaw Frasunek)
Date: Sat, 24 Jun 2000 09:09:16 +0200
> This is a new release. Our previous -10cl didn't fix the problem. wu-ftpd package version 2.6.0 and below has a buffer overflow that can be remotely exploited and give an attacker root privileges on the remote machine.

This advisory is clueless. This is *NOT* a buffer overflow attack. Exploit uses vsnprintf() format string to overwrite *arbitrary* chunk of stack or bss.

--
* Fido: 2:480/124 ** WWW: http://www.freebsd.lublin.pl ** NIC-HDL: PMF9-RIPE *
* Inet: venglin () freebsd lublin pl ** PGP: D48684904685DF43 EA93AFA13BE170BF *
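The distinction drawn in the reply above, as an added C example that is not part of the original post and is not wu-ftpd's code: a length-bounded `vsnprintf()` cannot overflow its buffer, yet it still interprets client text that is passed as the format. The function names and the input are constructed for illustration; the input uses only `%%`, which consumes no arguments.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical reply helper: a bounded vsnprintf() wrapper. */
static int reply(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

/* BEFORE: client text is used as the format string. The write is bounded,
 * so nothing overflows, but every '%' directive in it is interpreted. */
static int reply_vulnerable(char *out, size_t n, const char *client_text)
{
    return reply(out, n, client_text);
}

/* AFTER: constant format; client text is only ever data. */
static int reply_fixed(char *out, size_t n, const char *client_text)
{
    return reply(out, n, "%s", client_text);
}

/* Audit helper: count conversion directives ('%' that is not part of "%%"). */
static int count_directives(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        count++;
    }
    return count;
}

int main(void)
{
    char a[64], b[64];
    const char *input = "quota 100%% used"; /* constructed sample input */
    reply_vulnerable(a, sizeof a, input);
    reply_fixed(b, sizeof b, input);
    printf("vulnerable: [%s]\nfixed:      [%s]\n", a, b);
    printf("same output: %s\n", strcmp(a, b) == 0 ? "yes" : "no");
    return 0;
}
```

The two outputs differ even for this harmless input, which is the signal to look for in code review: any call where the format argument is not a constant.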