ProFTPD Root Exploit...

Subject: ProFTPD Root Exploit...
From: Darron Froese (
Date: Sun Aug 29 1999 - 19:44:12 MDT

There's a lovely remote root exploit available for ProFTPD.

Question to all: How come, I can patch the source for proftpd on my intel
linux box and it works just fine while getting the tarball (from or SRPMS from, rebuilding and
patching doesn't work on ydl-1.0 - it just doesn't want to let me log in -
it's probably pam related but I just don't know where...

If no-one knows, is there an updated rpm?

Here's the patch in case you're interested:

--- src/log.c.orig Mon Aug 30 12:28:53 1999
+++ src/log.c Mon Aug 30 12:29:05 1999
@@ -111,7 +111,7 @@
   if(xferfd == -1)
     return 0;
- sprintf(buf,"%s %d %s %lu %s %c _ %c %c %s ftp 0 *\n",
+ snprintf(buf,sizeof(buf),"%s %d %s %lu %s %c _ %c %c %s ftp 0 *\n",



This archive was generated by hypermail 2a24 : Sun Sep 05 1999 - 13:46:33 MDT