Bugtraq mailing list archives

Re: Fw: Remote bufferoverflow exploit for ftpd from AIX 4.3.2 running on an RS6000. (power)

From: k.stevenson () LOUISVILLE EDU (Keith Stevenson)
Date: Wed, 29 Sep 1999 16:30:47 -0400


On Wed, Sep 29, 1999 at 01:00:32PM +0100, W.H.J.Pinckaers wrote:



At this time: NO, but please make sure you are vulnerable first, we
did discover that this bug is very specific for AIX 4.3.2. (Most other
AIX versions aren't vulnerable to this particular bug)


The version of ftpd contained in bos.net.tcp.client v. 4.3.2.7 seems to
be vulnerable.  A quick check of IBM's software site shows that
v. 4.3.2.10 seems to be the latest version of that fileset.  I have no idea
whether or not it is vulnerable though.

Regards,
--Keith Stevenson--

--
Keith Stevenson
System Programmer - Data Center Services - University of Louisville
k.stevenson () louisville edu
PGP key fingerprint =  4B 29 A8 95 A8 82 EA A2  29 CE 68 DE FC EE B6 A0

Current thread:

Re: Fw: Remote bufferoverflow exploit for ftpd from AIX 4.3.2 running on an RS6000. (power) W.H.J.Pinckaers (Sep 29)
- Updated Allaire Security Zone Bulletin and Patch Available Aleph One (Sep 29)
- Re: Fw: Remote bufferoverflow exploit for ftpd from AIX 4.3.2 Bill Pemberton (Sep 29)
- Re: Fw: Remote bufferoverflow exploit for ftpd from AIX 4.3.2 running on an RS6000. (power) Troy A. Bollinger (Sep 29)
- Re: Fw: Remote bufferoverflow exploit for ftpd from AIX 4.3.2 running on an RS6000. (power) Keith Stevenson (Sep 29)