Subject: Re: ProFTPD Root Exploit...
From: Dan Burcaw (dburcaw@terraplex.com)
Date: Sun Aug 29 1999 - 19:49:42 MDT
Darron,
I've been preparing an updated RPM. It'll be available later tonight or
early tomorrow morning.
Thanks,
Dan
On Sun, 29 Aug 1999, Darron Froese wrote:
> There's a lovely remote root exploit available for ProFTPD.
>
> Question to all: How come, I can patch the source for proftpd on my intel
> linux box and it works just fine while getting the tarball (from
> www.proftpd.org) or SRPMS from ftp.yellowdoglinux.com, rebuilding and
> patching doesn't work on ydl-1.0 - it just doesn't want to let me log in -
> it's probably pam related but I just don't know where...
>
> If no-one knows, is there an updated rpm?
>
> Here's the patch in case you're interested:
>
> --- src/log.c.orig Mon Aug 30 12:28:53 1999
> +++ src/log.c Mon Aug 30 12:29:05 1999
> @@ -111,7 +111,7 @@
> if(xferfd == -1)
> return 0;
>
> - sprintf(buf,"%s %d %s %lu %s %c _ %c %c %s ftp 0 *\n",
> + snprintf(buf,sizeof(buf),"%s %d %s %lu %s %c _ %c %c %s ftp 0 *\n",
> fmt_time(time(NULL)),xfertime,remhost,fsize,
> fname,xfertype,direction,access,user);
>
> Thanks.
>
> Darron
> darron@fudgehead.com
> <http://darron.odi.ca/>
>
>
Dan
Yellow Dog Linux for Apple G3 and PowerPC
email: dburcaw@yellowdoglinux.com
website: http://www.yellowdoglinux.com/
This archive was generated by hypermail 2a24 : Sun Sep 05 1999 - 13:46:33 MDT