Vincent wrote:
As computer science students, a friend and I have just ended a study on buffer
overflows and the existing protections a Linux system may use against them.
This study deals with the various kinds of overflows (heap, stack) to
understand how they work and how they may be used to
also sprach Noah Meyerhans [EMAIL PROTECTED] [2002.03.29.2149 +0100]:
No, it is in fact not fixed. We are still vulnerable. I have confirmed
this myself with the proftpd packages from security.debian.org.
If you don't believe me, try it...
i did. and it wasn't vulnerable. i will try again
so proftpd_1.2.0pre10-2.0potato1_i386.deb is buggy. and that's known
for over a year, supposedly. i can't NMU yet, so someone please
rebuild the package, add the following to the Global context of
/etc/proftpd.conf
DenyFilter \*.*/
and then NMU it, or Johnie's listening and will do it
dear bugtraq'ers,
i must confess that the information i provided wrt the acclaimed DoS
exploit in Debian potato's proftpd package (1.2.0pre10-2.0potato1) was
not fully accurate. the package *does in fact contain a buggy daemon*
despite having been fixed, according to the changelog:
proftpd
On Fri, Mar 29, 2002 at 10:47:18PM +0100, martin f krafft wrote:
so proftpd_1.2.0pre10-2.0potato1_i386.deb is buggy. and that's known
for over a year, supposedly. i can't NMU yet, so someone please
rebuild the package, add the following to the Global context of
/etc/proftpd.conf
also sprach Noah Meyerhans [EMAIL PROTECTED] [2002.03.29.2332 +0100]:
Such a package has existed at http://people.debian.org/~ivo/ for over a
year.
okay, but no one knows about it. why isn't it on security.debian.org
yet???
--
martin; (greetings from the heart of the sun.)
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
martin f krafft wrote:
also sprach Noah Meyerhans [EMAIL PROTECTED] [2002.03.29.2332 +0100]:
Such a package has existed at http://people.debian.org/~ivo/ for over a
year.
okay, but no one knows about it. why isn't it on security.debian.org
yet???
Beats me...
Ivo
--
Hey, it
so proftpd_1.2.0pre10-2.0potato1_i386.deb is buggy. and that's known
for over a year, supposedly. i can't NMU yet, so someone please
rebuild the package, add the following to the Global context of
/etc/proftpd.conf
DenyFilter \*.*/
and then NMU it, or Johnie's listening and will do it himself.