Before I release the exploit, I'd like to give people a chance to fix
the problem.  Here's the patch.  Note that there are other potential
problems; I've been in contact with MacGyver and a new version fixing
this and other stuff should be out within a few days (at this point I
really have no clue if there are exploits possible for the other issues
that might allow breakins; please keep up to date and upgrade as soon as
the new version is available).

Anyhow, here's the patch:

--- proftpd-1.2.0pre6.old/src/main.c    Fri Sep 10 15:49:32 1999
+++ proftpd-1.2.0pre6/src/main.c        Thu Sep 16 01:50:43 1999
@@ -379,7 +379,7 @@
   /* We can overwrite individual argv[] arguments.  Semi-nice.
-  snprintf(Argv[0], maxlen, statbuf);
+  snprintf(Argv[0], maxlen, "%s", statbuf);
   p = &Argv[0][i];

   while(p < LastArgv)

-- that's it.  Amazing how much these little things matter.


Reply via email to