In the profound words of Przemyslaw Frasunek:
>
> On Fri, Feb 02, 2001 at 03:08:12PM -0800, Ted U wrote:
> > tested on qnx rtp as released on jan. 18 from get.qnx.com. doesn't work.
> > i tried significantly more a's and nothing happens. i get the normal
> > repsonse from stat.
>
> Are you sure?
On Fri, Feb 02, 2001 at 03:08:12PM -0800, Ted U wrote:
> tested on qnx rtp as released on jan. 18 from get.qnx.com. doesn't work.
> i tried significantly more a's and nothing happens. i get the normal
> repsonse from stat.
Are you sure? This is output from the same version of QNX RTP, downloade
tested on qnx rtp as released on jan. 18 from get.qnx.com. doesn't work.
i tried significantly more a's and nothing happens. i get the normal
repsonse from stat.
/-\
/ Ted Unangst - [EMAIL PROTECTED] http://heorot.stanford
On Fri, Feb 02, 2001 at 03:04:31PM -0800, Kris Kennaway wrote:
> > BTW. Old BSD derived ftpd is also used in opieftpd and SSLftpd. Both are
> > vulnerable to this attack.
> In case anyone is wondering how old is old:
The same problem persists in heimdal / kerberosIV ftpd implementation:
hei
On Fri, Feb 02, 2001 at 08:03:09PM +0100, Przemyslaw Frasunek wrote:
> BTW. Old BSD derived ftpd is also used in opieftpd and SSLftpd. Both are
> vulnerable to this attack.
In case anyone is wondering how old is old:
revision 1.5
date: 1996/11/20 22:12:50; aut
QNX RTP uses a BSD derived FTP server, which is vulnerable to strtok()
based stack overflow.
Offending code from ftpd/popen.c:
char **pop, *argv[100], *gargv[1000], *vv[2];
for (argc = 0, cp = program;; cp = NULL)
if (!(argv[argc++] = strtok(cp, " \t\n")))