[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock
From: Norbert Warmuth <nwarmuth () PRIVAT ! CIRCULAR ! DE>
Date: 1999-08-30 6:11:36
[Download RAW message or body]
Michal Zalewski writes:
> ------------------
> mc, ftp:// and $()
> ------------------
>
> Compromise: remote/local user's privledges
>
> Midnight Commander ftp client has an overflow while reading server
> responses - long enough message will result in beautiful overflow. Enjoy.
An off-by-one error, hardly to exploit especially since the value written
is always '\0'.
> Also, mc seems to have serious problems with directories containing shell
> commands enclosed in $(...) construction. Bad.
What are you talking about? Please send details to mc-bugs@nuclecu.unam.mx.
If you refer to uncompressing gzip'd files this bug was fixed on
18.08.99 (release 4.5.38).
Regards,
Norbert
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic