| Field | Value |
|---|---|
| Summary | net-ftp/ftpd: remote hole in linux-ftpd-ssl (CVE-2005-3524) |
| Product | Gentoo Security |
| Component | Vulnerabilities |
| Reporter | Wernfried Haas (RETIRED) <amne> |
| Assignee | Gentoo Security <security> |
| Status | RESOLVED FIXED |
| Severity | critical |
| Priority | High |
| Version | unspecified |
| Hardware | All |
| OS | Linux |
| URL | http://seclists.org/lists/fulldisclosure/2005/Nov/0140.html |
| Whiteboard | B1 [glsa] jaervosz |
| Package list | |
| Runtime testing required | --- |
Description
Wernfried Haas (RETIRED)
2005-11-05 10:08:22 UTC

Looks for real, the vsprintf in reply() looks like the target.

Created attachment 72248
fixes BOF in reply() in ftpd.c ssl version - vsprintf to vsnprintf
simple patch, apply after applying linux-ftpd-0.17+ssl-0.3.diff.

No maintainer, security should patch it asap.

Downgrading as it needs some kind of power-user access (ftp user with write access). Should still be patched though :)

ftpd-0.17-r2 added with minimal testing

Created attachment 72306
linux-ftpd-0.17-ssl.patch
The ssl patch in general is pretty messy and there are lots of assumptions made with buffers. Lots of code in the addon patch was simply #if 0 .. #endif, which made up for a lot of its size. The patch is also in $FILESDIR and is also compressed. (more slop) We need to move that out of there and onto the mirrors with a proper name. Attached is a smaller untested patch which cleans up things I did not care for/trust with the patch/pkg in question.

Daniel, is -r2 ready to be marked stable? Otherwise please provide an updated ebuild.

ftpd-0.17-r3 ready thanks to Ned

Stable on x86

Keep on SPARCin'

alpha stable.

amd64 stable

GLSA 200511-11
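
The fix discussed in this bug replaces vsprintf with vsnprintf in reply(). The block below is an added example, not code from linux-ftpd or from the attached patches: a hypothetical `format_reply()` with a constructed 64-byte buffer, showing bounded formatting and the clamp needed on vsnprintf's return value when the text is truncated.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define REPLY_BUF 64 /* constructed size, small so truncation is easy to see */

/* Hypothetical reply formatter (not the linux-ftpd source).
 * Writes "<code> <text>\r\n" into out[outsz] and never past it.
 * Returns bytes stored (excluding the NUL) or -1 on error;
 * *truncated is set when the text had to be cut to fit. */
int format_reply(char *out, size_t outsz, int *truncated,
                 int code, const char *fmt, ...)
{
    va_list ap;
    int head, body;
    size_t avail, used;

    *truncated = 0;
    if (outsz < 8) return -1;           /* "NNN " + CRLF + NUL at minimum */
    head = snprintf(out, outsz, "%d ", code);
    if (head < 0 || (size_t)head >= outsz - 2)
        return -1;

    avail = outsz - (size_t)head - 2;   /* keep 2 bytes back for CRLF */
    va_start(ap, fmt);
    body = vsnprintf(out + head, avail, fmt, ap);
    va_end(ap);
    if (body < 0) return -1;

    /* vsnprintf returns the length it wanted to write, which can exceed
     * avail; clamp it before using it as an offset or a write() length. */
    if ((size_t)body >= avail) {
        *truncated = 1;
        used = (size_t)head + avail - 1;
    } else {
        used = (size_t)head + (size_t)body;
    }
    memcpy(out + used, "\r\n", 3);      /* CRLF plus terminating NUL */
    return (int)(used + 2);
}

int main(void)
{
    char buf[REPLY_BUF];
    int cut, n = format_reply(buf, sizeof buf, &cut, 550, "%s: No such file", "a.txt");
    printf("%d bytes, truncated=%d: %s", n, cut, buf);
    return 0;
}
```

Swapping vsprintf for vsnprintf bounds the write, but code that later uses the returned length unclamped can still read or send past the buffer, so the return value needs the same review as the call itself.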