Bugtraq mailing list archives
ftpd and setproctitle()
From: deraadt () CVS OPENBSD ORG (Theo de Raadt)
Date: Thu, 6 Jul 2000 03:05:44 -0600
Well, while everyone is talking about setproctitle affecting wuftpd,
I should probably note that it even affects the OpenBSD ftpd. In fact,
looking around, it looks like it might affect everyone's ftpd.
Our patch is at
http://www.openbsd.org/errata.html#ftpd
We're currently going through our tree looking for *printf(), err*(),
warn*(), syslog(), setproctitle(), and even curses *print*() functions
that might have issues like this. We did this before for the *printf
family, perhaps 3 years ago, but even now we are discovering a few that
we have missed.
It's scary, and quite a bit of work to check every such call. They
happen a lot..
Current thread:
- ftpd and setproctitle() Theo de Raadt (Jul 06)
- Re: ftpd and setproctitle() Kris Kennaway (Jul 06)
- More Detailed Info on the BitchX Format Bugs RoboHak (Jul 07)
- Re: More Detailed Info on the BitchX Format Bugs Ryan Russell (Jul 07)
- Re: More Detailed Info on the BitchX Format Bugs RoboHak (Jul 09)
- opieftpd setproctitle() patches Kris Kennaway (Jul 10)
- Remote DoS Attack in WircSrv Irc Server v5.07s Vulnerability Ussr Labs (Jul 10)
- Security Update: Denial of Service against irc-BX Technical Support (Jul 07)
- Out of order SMTP DATA commands incorrectly allow pass-through mode in some firewall smtp filters/proxies Lincoln Yeoh (Jul 08)
- Re: More Detailed Info on the BitchX Format Bugs Ryan Russell (Jul 07)
- Re: ftpd and setproctitle() D. J. Bernstein (Jul 07)
- Re: ftpd and setproctitle() Bernd Luevelsmeyer (Jul 07)
(Thread continues...)