13475 – Security hole in wu-ftpd 2.5.0

Bug 13475 - Security hole in wu-ftpd 2.5.0

Summary: Security hole in wu-ftpd 2.5.0

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	Normal Affects Only Me
Assignee:	freebsd-ports (Nobody)

URL:
Keywords:

Depends on:
Blocks:

Reported:	1999-08-30 20:00 UTC by jack
Modified:	1999-08-30 20:14 UTC (History)
CC List:	0 users

See Also:

Attachments
file.diff (766 bytes, patch) 1999-08-30 20:00 UTC, jack	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description jack 1999-08-30 20:00:01 UTC

Quoted from wu-ftpd group's accouncement:

    Due to insufficient bounds checking on directory name lengths which can
	be supplied by users, it is possible to overwrite the static memory
	space of the wu-ftpd daemon while it is executing under certain
	configurations.  By having the ability to create directories and
	supplying carefully designed directory names to the wu-ftpd, users may
	gain privileged access.

Fix: apply their patch

Comment 1 cpiazza freebsd_committer

1999-08-30 20:14:10 UTC

State Changed
From-To: open->closed

Committed, thanks!!