[plug] (Fwd) Re: Local exploit for TrollFTPD-1.26

J j at vrl.com.au
Mon Aug 13 23:01:56 WST 2001


Found this on bugtraq.  Seems like a good idea.

Now, I have a problem, I have a linux gateway/firewall with a few w2k 
boxen behind.

IIS does not *seem* to support virtual domains for ftp.  Not to mention 
that it is a buffer overflow waiting to happen.

So, I could put a 'secure'(ish) ftp with virtual domains on my gateway 
(or another linux box), and smbmount the directories on the webservers 
behind it.  Or is this madness?

Anyone want to comment on the security implications of this?


------- Forwarded Message Follows -------
Date sent:      	Mon, 13 Aug 2001 11:22:49 +0200
From:           	"Jedi/Sector One (Frank DENIS)" <j at jedi.claranet.fr>
To:             	bugtraq at securityfocus.com
Subject:        	Re: Local exploit for TrollFTPD-1.26


  Pure-FTPd is a derivative of TrollFTPd 1.26.
  
  However, it doesn't seem to be vulnerable to this attack. The bound
checking added in TrollFTPD 1.27 has already been implemented in the very
first version of Pureftpd.
   
  http://www.pureftpd.org
  
  Best regards,
  
            -Frank.



