 | ||||||
| << Previous | INDEX | Search | src | Set bookmark | Go to bookmark | Next >> |
| ||||||
| |||||||||||||||||||||
Date: Mon, 30 Aug 1999 12:44:35 +1200 From: Nic Bellamy <sky@WIBBLE.NET.INVALID> To: BUGTRAQ@SECURITYFOCUS.COM Subject: [patch] ProFTPd remote root exploit This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. Send mail to mime@docserver.cac.washington.edu for more info. --499866794-260631012-935973497=:3481 Content-Type: TEXT/PLAIN; CHARSET=US-ASCII Content-ID: <Pine.LNX.3.96.990830123829.3481D@wibble.net> Hi, tracked this problem to an sprintf() into a buffer on the stack in the log_xfer() routine in src/log.c. Gotta love it. Sigh. Attached patch against 1.2.0pre3a should fix it (it does the trick here), although it does still leave ugly stuff in your xferlog. The patch should also apply to earlier versions without too much trouble. Regards, Nic. -- Nic Bellamy <sky@wibble.net> J. Random Coder. --499866794-260631012-935973497=:3481 Content-Type: TEXT/PLAIN; CHARSET=US-ASCII; NAME="proftpd-xferlog.diff" Content-Transfer-Encoding: BASE64 Content-ID: <Pine.LNX.3.96.990830123817.3481B@wibble.net> Content-Description: LS0tIHByb2Z0cGQtMS4yLjBwcmUzYS9zcmMvbG9nLmMub3JpZwlNb24gQXVn IDMwIDEyOjI4OjUzIDE5OTkNCisrKyBwcm9mdHBkLTEuMi4wcHJlM2Evc3Jj L2xvZy5jCU1vbiBBdWcgMzAgMTI6Mjk6MDUgMTk5OQ0KQEAgLTExMSw3ICsx MTEsNyBAQA0KICAgaWYoeGZlcmZkID09IC0xKQ0KICAgICByZXR1cm4gMDsN CiANCi0gIHNwcmludGYoYnVmLCIlcyAlZCAlcyAlbHUgJXMgJWMgXyAlYyAl YyAlcyBmdHAgMCAqXG4iLA0KKyAgc25wcmludGYoYnVmLHNpemVvZihidWYp LCIlcyAlZCAlcyAlbHUgJXMgJWMgXyAlYyAlYyAlcyBmdHAgMCAqXG4iLA0K ICAgICAgICAgICBmbXRfdGltZSh0aW1lKE5VTEwpKSx4ZmVydGltZSxyZW1o b3N0LGZzaXplLA0KICAgICAgICAgICBmbmFtZSx4ZmVydHlwZSxkaXJlY3Rp b24sYWNjZXNzLHVzZXIpOw0KIA0K --499866794-260631012-935973497=:3481--
| |||||||||||||||||||||
|
|