Bugtraq mailing list archives

Re: Pro/wuFTPD DoS

From: mlists () GIZMO KYRNET KG (CyberPsychotic)
Date: Wed, 17 Feb 1999 23:37:34 +0500


~ This is the bash path overlow (up to 2.0.0) which has been fixed in bash
~ v2.02.

~ > kills patched ProFTPD dead.
~ >
~ Hmmm i think that the problem here isn't overflow in ProFTPD.
~ Here is a proof.
~


 The problem IS an overflow in ProFTPD, I've sent a detailed report to
bugtraq few days ago, but somewhy it still hasnt appeared on the list.
To be quick, the problem sits in fs.c:fs_dircat() routine, which doesn't
make boundary checks while concatinating directory names.

Current thread:

Re: Pro/wuFTPD DoS Ultor (Feb 13)
- <Possible follow-ups>
- Re: Pro/wuFTPD DoS ga (Feb 15)
  - Re: Pro/wuFTPD DoS CyberPsychotic (Feb 17)
- Re: Pro/wuFTPD DoS CyberPsychotic (Feb 19)
  - Re: Pro/wuFTPD DoS Chris Wedgwood (Feb 20)
    - Process table attack (from RISKS Digest) Mark Boolootian (Feb 20)
    - LSOF exploit c0nd0r (Feb 21)
    - Re: Process table attack (from RISKS Digest) Olle Segerdahl,D (Feb 22)
    - Re: Process table attack (from RISKS Digest) Jan B. Koum (Feb 22)
    - ANNOUNCE: Net::RawIP 0.06 has been released Sergey V. Kolychev (Feb 22)
    - Summary: Copyright on Security advisories Aviram Jenik (Feb 22)
    - Re: Process table attack (from RISKS Digest) Dug Song (Feb 22)
    - NetBus client 1.x overflow Daniel Rosowski (Feb 22)

(Thread continues...)