On Fri, Feb 02, 2001 at 03:04:31PM -0800, Kris Kennaway wrote:
> > BTW. Old BSD derived ftpd is also used in opieftpd and SSLftpd. Both are
> > vulnerable to this attack.
> In case anyone is wondering how old is old:
The same problem persists in heimdal / kerberosIV ftpd implementation:
heimdal/appl/ftp/ftpd/popen.c and kerberosIV/appl/ftp/ftpd/popen.c:
char **pop, *argv[100], *gargv[1000];
/* break up string into pieces */
foo = NULL;
for (argc = 0, cp = program;; cp = NULL) {
if (!(argv[argc++] = strtok_r(cp, " \t\n", &foo)))
break;
}
Both are based on BSD derived ftpd version 6.00.
--
* Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NIC-HDL: PMF9-RIPE *
* Inet: [EMAIL PROTECTED] ** PGP: D48684904685DF43EA93AFA13BE170BF *
