Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY LINKS NEWS MAN DOCUMENTATION

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>

Date: Mon, 8 Jan 2001 16:10:41 +0100
From: Przemyslaw Frasunek <[email protected]>
To: [email protected]
Subject: wuftpd 2.6.1 -- example of bad coding

Hello,

There are two non-exploitable format string bugs in wuftpd 2.6.1.

ftpd.c:6272

    if (debug) {
        char *s = calloc(128 + strlen(remoteident), sizeof(char));
        if (s) {
            int i = ntohs(pasv_addr.sin_port);
            sprintf(s, "PASV port %i assigned to %s", i, remoteident);
/* here */  syslog(LOG_DEBUG, s);
            free(s);
        }
    }

ftpd.c:6288

    if (debug) {
        char *s = calloc(128 + strlen(remoteident), sizeof(char));
        if (s) {
            sprintf(s, "PASV port assignment assigned for %s", remoteident);
/* here */  syslog(LOG_DEBUG, s);
            free(s);
        }
    }

Example:

riget:venglin:~> tail -n1 /etc/hosts
212.182.115.2           riget%p%p%p%p%p%p%p%p%p%p.scene.pl riget
riget:venglin:~> tail -n2 /var/log/debug
Jan  8 14:28:03 riget ftpd[53990]: command: pasv^M
Jan  8 14:28:03 riget ftpd[53990]: PASV port 17355 assigned to riget0xbfbff1640x80536440x807c2000x8066c210x43cb0x80791000xe0x5c0x960x28085000.scene.pl [212.182.115.2]

--
* Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NIC-HDL: PMF9-RIPE *
* Inet: [email protected] ** PGP: D48684904685DF43EA93AFA13BE170BF *

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>

Партнёры:

Хостинг: