Hi,
Note that user takes the value "user@host" given at the password prompt
for anonymous access (forgetting any potential DNS attacks into remhost).
This allows anyone to smash the stack just with an anonymous access
and a file to download.
(See last published exploits.)
Regards,
Pascal
On Mon, Aug 30, 1999 at 07:42:44PM +1200, Nic Bellamy wrote:
> - sprintf(buf,"%s %d %s %lu %s %c _ %c %c %s ftp 0 *\n",
> + snprintf(buf,sizeof(buf),"%s %d %s %lu %s %c _ %c %c %s ftp 0 *\n",
> fmt_time(time(NULL)),xfertime,remhost,fsize,
> fname,xfertype,direction,access,user);
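Review bot: the return value of the added snprintf call is ignored, so when remhost, fname or user push the record past sizeof(buf) the log line is silently truncated and loses its trailing "\n", which lets a long field run the next entry onto the same line. Compare the result against sizeof(buf) and either cap the variable fields with precisions such as %.*s or terminate the line explicitly on truncation. Separately, sizeof(buf) only bounds the write if buf is an array in this scope rather than a pointer; the declaration is not in the hunk, so confirm it before relying on this.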
>
> To exploit the bug, the attacker must have permission to create
> directories and store files.
>
> Regards,
> Nic.
>
> -- Nic Bellamy <[EMAIL PROTECTED]>
> J. Random Coder.
--
Pascal Bouchareine
Systems/Network Administration - CERTIX
Tel: +33 1 40 34 43 57
Fax: +33 1 40 35 09 98