Michal Zalewski writes: > ------------------ > mc, ftp:// and $() > ------------------ > > Compromise: remote/local user's privledges > > Midnight Commander ftp client has an overflow while reading server > responses - long enough message will result in beautiful overflow. Enjoy. An off-by-one error, hardly to exploit especially since the value written is always '\0'. > Also, mc seems to have serious problems with directories containing shell > commands enclosed in $(...) construction. Bad. What are you talking about? Please send details to [EMAIL PROTECTED] If you refer to uncompressing gzip'd files this bug was fixed on 18.08.99 (release 4.5.38). Regards, Norbert
- Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD /... Andreas Jaeger
- Re: ... / wu-ftpd <=2.5 / ... Volker Borchert
- Re: ... / wu-ftpd <=2.5 / ... Gregory A Lundberg
- Re: ... / wu-ftpd <=2.5 / ... Jason Downs
- Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD /... Michael K. Johnson
- Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroF... Michal Zalewski
- Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD /... Michael K. Johnson
- Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroF... Michal Zalewski
- Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD /... Olaf Kirch
- Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroF... Benjamin Smee
- Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD /... Norbert Warmuth
- Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroF... David Wagner
- Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroF... Norbert Warmuth