http://seclists.org/lists/fulldisclosure/2005/Nov/0140.html describes a hole in linux-ftpd-ssl. I don't know if the exploit works and I'm not even sure if it even affects Gentoo, but there's

* net-ftp/ftpd
    Latest version available: 0.17-r1
    Description: The netkit FTP server with optional SSL support

in portage. I assume this could be the same ftpd the mail is about. If not - sorry for the waste of time. ;-)

Reproducible: Always
Steps to Reproduce:
Looks for real, the vsprintf in reply() looks like the target.
Created attachment 72248: fixes BOF in reply() in ftpd.c ssl version - vsprintf to vsnprintf
simple patch, apply after applying linux-ftpd-0.17+ssl-0.3.diff.
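The vsprintf-to-vsnprintf change named in the comment above, shown as an added example that is neither the attached patch nor code from ftpd.c: a hypothetical `format_reply` helper that bounds the formatted reply and reports truncation. The function name, `REPLY_BUF` size and sample strings are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define REPLY_BUF 64  /* assumed size for this example, not taken from ftpd.c */

/*
 * Hypothetical stand-in for an FTP reply formatter (not the ftpd.c code).
 * Builds "<code> <message>\r\n" in out[outlen] and never writes past it.
 * Returns 0 on success, 1 if the message was truncated, -1 on error.
 */
int format_reply(char *out, size_t outlen, int code, const char *fmt, ...)
{
    va_list ap;
    int n, m, truncated;
    size_t used, room;

    if (out == NULL || outlen < 8)        /* "NNN " + CRLF + NUL must fit */
        return -1;

    n = snprintf(out, outlen, "%d ", code);
    if (n < 0 || (size_t)n >= outlen - 2) /* prefix alone does not fit */
        return -1;
    used = (size_t)n;
    room = outlen - used - 2;             /* keep 2 bytes back for CRLF */

    /* vsprintf(out + used, fmt, ap) would trust the caller's data to fit;
     * vsnprintf writes at most room bytes, terminating NUL included. */
    va_start(ap, fmt);
    m = vsnprintf(out + used, room, fmt, ap);
    va_end(ap);
    if (m < 0)
        return -1;

    /* A return value >= room means output was cut short, not that it fit. */
    truncated = ((size_t)m >= room);
    used = strlen(out);
    memcpy(out + used, "\r\n", 3);        /* CRLF plus NUL, inside reserve */
    return truncated;
}

int main(void)
{
    char buf[REPLY_BUF];
    int rc = format_reply(buf, sizeof buf, 257, "\"%s\" created", "/pub/new");
    printf("rc=%d reply=%s", rc, buf);
    return 0;
}
```

Checking the return value matters as much as the size argument: a caller that ignores truncation still sends a well-formed reply here, but code that reuses the returned length as an offset would reintroduce an out-of-bounds access.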
No maintainer, security should patch it asap.
Downgrading as it needs some kind of power-user access (ftp user with write access). Should still be patched though :)
ftpd-0.17-r2 added with minimal testing
Created attachment 72306: linux-ftpd-0.17-ssl.patch
The ssl patch in general is pretty messy and there are lots of assumptions made with buffers. Lots of code in the addon patch was simply #if 0 .. #endif which made up for a lot of its size. The patch is also in $FILESDIR and is also compressed. (more slop) We need to move that out of there and onto the mirrors with a proper name. Attached is a smaller untested patch which cleans up things I did not care for/trust with the patch/pkg in question.
Daniel, is -r2 ready to be marked stable? Otherwise please provide an updated ebuild.
ftpd-0.17-r3 ready thanks to Ned
Stable on x86
Keep on SPARCin'
alpha stable.
amd64 stable
GLSA 200511-11