ProFTPD Root Exploit...


Subject: ProFTPD Root Exploit...
From: Darron Froese (darron@fudgehead.com)
Date: Sun Aug 29 1999 - 19:44:12 MDT


There's a lovely remote root exploit available for ProFTPD.

Question to all: How come I can patch the source for proftpd on my Intel
Linux box and it works just fine, while getting the tarball (from
www.proftpd.org) or SRPMS from ftp.yellowdoglinux.com, rebuilding and
patching doesn't work on ydl-1.0 - it just doesn't want to let me log in -
it's probably PAM-related but I just don't know where...

If no-one knows, is there an updated rpm?

Here's the patch in case you're interested:

--- src/log.c.orig Mon Aug 30 12:28:53 1999
+++ src/log.c Mon Aug 30 12:29:05 1999
@@ -111,7 +111,7 @@
   if(xferfd == -1)
     return 0;
 
- sprintf(buf,"%s %d %s %lu %s %c _ %c %c %s ftp 0 *\n",
+ snprintf(buf,sizeof(buf),"%s %d %s %lu %s %c _ %c %c %s ftp 0 *\n",
           fmt_time(time(NULL)),xfertime,remhost,fsize,
           fname,xfertype,direction,access,user);
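
Review bot: the return value of the new snprintf call is discarded, so a long fname or remhost now truncates the transfer-log record silently and drops the trailing "\n" from the format string, which would run that record into the next one. Suggest comparing the return value against sizeof(buf) and, on truncation, either skipping the write or terminating the record explicitly. Note also that sizeof(buf) is only the right bound if buf is declared as an array in this function; the declaration is outside the hunk, so please confirm it is not a pointer.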

Thanks.

Darron
darron@fudgehead.com
<http://darron.odi.ca/>


