[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Remote hole in ftpd that can lead to root compromise

To: Kristian Vlaardingerbroek <kris@obit.nl>
Subject: Re: Remote hole in ftpd that can lead to root compromise
From: Camiel Dobbelaar <dobbe@xs4all.nl>
Date: Mon, 4 Dec 2000 11:27:38 +0100 (CET)
Cc: bugs@openbsd.org


ftpd is not enabled in the default install since 2.6.

--
Cam

On Mon, 4 Dec 2000, Kristian Vlaardingerbroek wrote:
> Well I'm sorry to report you that your 3 years of remote safeness have
> just ended. Due to a off-by-one bug in the void replydirname(name,
> message), it is possible to gain remote root on an OpenBSD machine (and
> any other OS capable of running the BSD ftpd daemon).

References:
- Remote hole in ftpd that can lead to root compromise
  - From: Kristian Vlaardingerbroek <kris@obit.nl>

Prev by Date: Re: Remote hole in ftpd that can lead to root compromise
Next by Date: Ftpd Help
Prev by thread: Re: Remote hole in ftpd that can lead to root compromise
Next by thread: Re: Remote hole in ftpd that can lead to root compromise
Index(es):
- Date
- Thread