Bugtraq mailing list archives
Re: ncftp 2.4.3 bug
From: daia () stoilow imar ro (Liviu Daia)
Date: Tue, 23 Jun 1998 19:35:01 +0300
On 22 June 1998, Mike Gleason <mgleason () NCFTP COM> wrote: [...]
As for this particular bug, it crashes because ncftp 2.x was trying to copy from a NULL pointer. So, no buffer exploit. Version 3 (still beta) handles it just fine. The official gospel is to upgrade to version 3, since the bug doesn't occur naturally in the wild.
[...] However, some people might still want to stick with version 2.4.3, since a few useful (IMHO) features have been removed along the way to version 3. :-) So here's a simple fix, for the sake of the old days: --- Cmds.c.old Fri Mar 20 04:02:07 1998 +++ Cmds.c Tue Jun 23 19:15:53 1998 @@ -241,7 +241,7 @@ * if we can parse out the new directory without * doing a PWD command. */ - if (cwdrp != NULL) { + if (cwdrp != NULL && cwdrp->msg.first != NULL) { /* "xxxx" is new cwd. * Strip out just the xxxx to copy into the remote cwd. */ Regards, Liviu -- Dr. Liviu Daia e-mail: daia () stoilow imar ro Institute of Mathematics web page: http://www.imar.ro/~daia of the Romanian Academy PGP key: finger daia () stoilow imar ro
Current thread:
- ncftp 2.4.3 bug Paul Boehm (Jun 20)
- <Possible follow-ups>
- Re: ncftp 2.4.3 bug Mike Gleason (Jun 22)
- Re: ncftp 2.4.3 bug Paul Boehm (Jun 22)
- Re: ncftp 2.4.3 bug Liviu Daia (Jun 23)
- textcounter.pl SECURITY HOLE Doru Petrescu (Jun 23)
- Re: textcounter.pl SECURITY HOLE Rich Lafferty (Jun 24)
- Yipes named attack Anonymous (Jun 24)
- security hole in mailx Alvaro Martinez Echevarria (Jun 24)
- Re: security hole in mailx gold (Jun 25)
- Re: security hole in mailx Casper Dik (Jun 25)
- Bug is sudo? Rhodie (Jun 25)
- Re: Bug is sudo? Warner Losh (Jun 26)
- Re: Bug is sudo? Todd C. Miller (Jun 27)
- Re: security hole in mailx Alvaro Martinez Echevarria (Jun 25)