Re: wuftpd 2.6.1 (fake?) exploits

["Jason Parker" <jparker () o-negative net>]

There was an old old old wuftpd exploit that would overflow with pasv, then
it would core dump with a copy of /etc/shadow world readable in it. It was a
cute little vuln, but patched long long ago.
..I'm sure we can move on from looking for "fake" exploits that were
released in the past.

We should all be able to move on from this weekends issue. I'm sure the
person(s) responsible regret what they have done. Lets move on and search
for new things.

jparker(); - http://www.o-negative.net
o-Negative: Information Network



----- Original Message -----
From: "josmon m." <digitalenemy () gmx net>
To: <vuln-dev () securityfocus com>
Sent: Saturday, September 22, 2001 1:32 PM
Subject: Re: wuftpd 2.6.1 (fake?) exploits


> bb:
> lol
> hm....but like
> wu261ex.c looks like it should work (well...except the gets(blah) *g* and
> the system(rm -rf *.c thingy ;p)..heh
> well....i saw a patch on the wuftpd site against some pasv vuln....so
maybe
> its a patched exploit.
> anyways....ill test it tomorrow (or when i get time) and drop ya guys a
msg
> :)
>
> peace
> -josmon m
>
> www.entenkotze.cjb.net