Subject: Re: ProFTPD Root Exploit...
From: Dan Burcaw (email@example.com)
Date: Sun Aug 29 1999 - 19:49:42 MDT
I've been preparing an updated RPM. It'll be available later tonight or
early tomorrow morning.
On Sun, 29 Aug 1999, Darron Froese wrote:
> There's a lovely remote root exploit available for ProFTPD.
> Question to all: How come, I can patch the source for proftpd on my intel
> linux box and it works just fine while getting the tarball (from
> www.proftpd.org) or SRPMS from ftp.yellowdoglinux.com, rebuilding and
> patching doesn't work on ydl-1.0 - it just doesn't want to let me log in -
> it's probably pam related but I just don't know where...
> If no-one knows, is there an updated rpm?
> Here's the patch in case you're interested:
> --- src/log.c.orig Mon Aug 30 12:28:53 1999
> +++ src/log.c Mon Aug 30 12:29:05 1999
> @@ -111,7 +111,7 @@
> if(xferfd == -1)
> return 0;
> - sprintf(buf,"%s %d %s %lu %s %c _ %c %c %s ftp 0 *\n",
> + snprintf(buf,sizeof(buf),"%s %d %s %lu %s %c _ %c %c %s ftp 0 *\n",
Yellow Dog Linux for Apple G3 and PowerPC
This archive was generated by hypermail 2a24 : Sun Sep 05 1999 - 13:46:33 MDT