Re: wuftpd 2.6.1 advisory/exploit

From: Bernhard Rosenkraenzer (bero@redhat.de)
Date: 09/19/01


Date: Wed, 19 Sep 2001 18:56:51 +0200 (CEST)
To: Carolyn Meinel <carolyn@techbroker.com>, <vuln-dev@securityfocus.com>
Message-ID: <Pine.LNX.4.33.0109191852100.23138-100000@bochum.stuttgart.redhat.com>

On Wed, 19 Sep 2001, Carolyn Meinel <carolyn@techbroker.com> wrote:

> http://www.techbroker.com/wu261.txt

This whole thing is a pretty nice piece of obfuscated C code - it
overflows a buffer in itself to execute "rm -rf [...] ~".

Also:

> At your request, I have sent the developers the intricate details

We didn't get anything...

> of the hole in wuftpd 2.6.1 (and 2.6.0, but not in 2.5.x as far as
> I can see).

Not that 2.5.x ever existed... The version after 2.4.2 was 2.6.0.

> - During the transition to the 2.6.x releases, the wuftpd
> development team redesigned the command processing code
> in the daemon.

Patched yes, redesigned no.

LLaP
bero