Bugtraq mailing list archives

Re: serious security bug in wu-ftpd v2.4

From: wietse () porcupine org (Wietse Venema)
Date: Sat, 4 Jan 1997 21:42:58 -0500


The fix as proposed by the author (specific to the dologout()
function) is probably not sufficient.

There are many places where ftpd temporariliy raises its privilege
level and could be tractorbeamed away due to the arrival of a
signal.

Thus, all code fragments that run between seteuid(0) and seteuid(user)
should be considered critical regions. I recommend that all signals
be suspended while ftpd does its critical stuff.

I'm fixing the logdaemon ftpd, which seems to have the same problem.

        Wietse

Current thread:

XDM bug Angel Ortiz (Jan 02)
- <Possible follow-ups>
- Re: XDM bug Steve \ (Jan 03)
  - Re: XDM bug jamie (Jan 03)
    - Re: XDM bug Alex Belits (Jan 03)
    - serious security bug in wu-ftpd v2.4 Aleph One (Jan 04)
    - Re: serious security bug in wu-ftpd v2.4 Wietse Venema (Jan 04)
    - Buffer overflow in the query cgi. Apropos of Nothing (Jan 04)
    - Re: Buffer overflow in the query cgi. Thomas H. Ptacek (Jan 04)
  - Re: XDM bug Mr. ManX (Jan 03)