Bug#216757: marked as done (Strange human-readable part of response to USER command)

Tue, 27 Dec 2011 13:24:21 -0800 

Your message dated Tue, 27 Dec 2011 22:20:36 +0100
with message-id <[email protected]>
and subject line Re: Bug#216757: inetutils-ftpd: buffer overflow in ftpd
has caused the Debian Bug report #216757,
regarding Strange human-readable part of response to USER command
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
216757: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=216757
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: inetutils-ftpd
Version: 2:1.4.2+20030703-8
Severity: grave
Tags: upstream, security

rmh@aragorn:~$ nc localhost 21
220 aragorn FTP server (GNU inetutils 1.4.2) ready.
user aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
530 <weird random bytes>
^D

-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux aragorn 2.2.25 #1 Fri Jun 20 19:28:33 EST 2003 i686
Locale: LANG=ca_ES@euro, LC_CTYPE=ca_ES@euro

Versions of packages inetutils-ftpd depends on:
ii  libc6                         2.3.2-8    GNU C Library: Shared libraries an
ii  netbase                       4.14       Basic TCP/IP networking system
ii  zlib1g                        1:1.1.4-16 compression library - runtime

-- no debconf information

--- End Message ---
--- Begin Message --- 
Version: 2:1.8-5

On Sun, 2011-11-13 at 18:33:30 +0100, Simon Josefsson wrote:
> fixed 216757 2:1.8-5
> thanks
> 
> I believe this bug has been fixed in more recent version, including the
> latest 1.8 upload so I am tagging it as such.  See transcript:
> 
> root@sid:~# nc localhost 21
> 220 sid.josefsson.org FTP server (GNU inetutils 1.8) ready.
> user aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
> 530 User aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa access
> denied.
> quit
> 221 Goodbye.
> root@sid:~# 

Thanks, closing now.

regards,
guillem

--- End Message ---

Reply via email to