Vulnerability Development mailing list archives
Re: wuftpd 2.6.1 (fake?) exploits
From: "Jason Parker" <jparker () o-negative net>
Date: Sat, 22 Sep 2001 23:33:27 -0500
There was an old old old wuftpd exploit that would overflow with pasv, then it would core dump with a copy of /etc/shadow world readable in it. It was a cute little vuln, but patched long long ago. ..I'm sure we can move on from looking for "fake" exploits that were released in the past. We should all be able to move on from this weekends issue. I'm sure the person(s) responsible regret what they have done. Lets move on and search for new things. jparker(); - http://www.o-negative.net o-Negative: Information Network ----- Original Message ----- From: "josmon m." <digitalenemy () gmx net> To: <vuln-dev () securityfocus com> Sent: Saturday, September 22, 2001 1:32 PM Subject: Re: wuftpd 2.6.1 (fake?) exploits
bb: lol hm....but like wu261ex.c looks like it should work (well...except the gets(blah) *g* and the system(rm -rf *.c thingy ;p)..heh well....i saw a patch on the wuftpd site against some pasv vuln....so
maybe
its a patched exploit. anyways....ill test it tomorrow (or when i get time) and drop ya guys a
msg
:) peace -josmon m www.entenkotze.cjb.net
Current thread:
- wuftpd 2.6.1 (fake?) exploits josmon m. (Sep 22)
- Re: wuftpd 2.6.1 (fake?) exploits Blue Boar (Sep 22)
- Re: wuftpd 2.6.1 (fake?) exploits josmon m. (Sep 22)
- Re: wuftpd 2.6.1 (fake?) exploits Jason Parker (Sep 22)
- Re: wuftpd 2.6.1 (fake?) exploits josmon m. (Sep 22)
- <Possible follow-ups>
- Re: wuftpd 2.6.1 (fake?) exploits w1re p4ir (Sep 22)
- Re: wuftpd 2.6.1 (fake?) exploits Blue Boar (Sep 22)