Bugtraq mailing list archives
Re: ncftp 2.4.3 bug
From: daia () stoilow imar ro (Liviu Daia)
Date: Tue, 23 Jun 1998 19:35:01 +0300
On 22 June 1998, Mike Gleason <mgleason () NCFTP COM> wrote: [...]
As for this particular bug, it crashes because ncftp 2.x was trying to copy from a NULL pointer. So, no buffer exploit. Version 3 (still beta) handles it just fine. The official gospel is to upgrade to version 3, since the bug doesn't occur naturally in the wild.
[...]
However, some people might still want to stick with version 2.4.3,
since a few useful (IMHO) features have been removed along the way to
version 3. :-) So here's a simple fix, for the sake of the old days:
--- Cmds.c.old Fri Mar 20 04:02:07 1998
+++ Cmds.c Tue Jun 23 19:15:53 1998
@@ -241,7 +241,7 @@
* if we can parse out the new directory without
* doing a PWD command.
*/
- if (cwdrp != NULL) {
+ if (cwdrp != NULL && cwdrp->msg.first != NULL) {
/* "xxxx" is new cwd.
* Strip out just the xxxx to copy into the remote cwd.
*/
Regards,
Liviu
--
Dr. Liviu Daia e-mail: daia () stoilow imar ro
Institute of Mathematics web page: http://www.imar.ro/~daia
of the Romanian Academy PGP key: finger daia () stoilow imar ro
Current thread:
- ncftp 2.4.3 bug Paul Boehm (Jun 20)
- <Possible follow-ups>
- Re: ncftp 2.4.3 bug Mike Gleason (Jun 22)
- Re: ncftp 2.4.3 bug Paul Boehm (Jun 22)
- Re: ncftp 2.4.3 bug Liviu Daia (Jun 23)
- textcounter.pl SECURITY HOLE Doru Petrescu (Jun 23)
- Re: textcounter.pl SECURITY HOLE Rich Lafferty (Jun 24)
- Yipes named attack Anonymous (Jun 24)
- security hole in mailx Alvaro Martinez Echevarria (Jun 24)
- Re: security hole in mailx gold (Jun 25)
- Re: security hole in mailx Casper Dik (Jun 25)
- Bug is sudo? Rhodie (Jun 25)
- Re: Bug is sudo? Warner Losh (Jun 26)
- Re: Bug is sudo? Todd C. Miller (Jun 27)
- Re: security hole in mailx Alvaro Martinez Echevarria (Jun 25)