Date: Fri, 17 Sep 1999 16:15:11 -0500
From: Tymm Twillman <[email protected]>
To: [email protected]Subject: proftpd 1.2.0pre6 patch
Before I release the exploit, I'd like to give people a chance to fix
the problem. Here's the patch. Note that there are other potential
problems; I've been in contact with MacGyver and a new version fixing
this and other stuff should be out within a few days (at this point I
really have no clue if there are exploits possible for the other issues
that might allow breakins; please keep up to date and upgrade as soon as
the new version is available).
Anyhow, here's the patch:
<cut>
--- proftpd-1.2.0pre6.old/src/main.c Fri Sep 10 15:49:32 1999
+++ proftpd-1.2.0pre6/src/main.c Thu Sep 16 01:50:43 1999
@@ -379,7 +379,7 @@
#if PF_ARGV_TYPE == PF_ARGV_WRITEABLE
/* We can overwrite individual argv[] arguments. Semi-nice.
*/
- snprintf(Argv[0], maxlen, statbuf);
+ snprintf(Argv[0], maxlen, "%s", statbuf);
p = &Argv[0][i];
while(p < LastArgv)
</cut>
-- that's it. Amazing how much these little things matter.
-Tymm
