5898610 2000-12-28 13:13 -0800  /23 rader/ Trenholme, Sam <bugtraq@THEOPHILUS.REACHIN.COM>
Sänt av: joel@lysator.liu.se
Importerad: 2000-12-29  18:00  av Brevbäraren (som är implementerad i) Python
Extern mottagare: BUGTRAQ@SECURITYFOCUS.COM
Externa svar till: bugtraq@THEOPHILUS.REACHIN.COM
Mottagare: Bugtraq (import) <14538>
Ärende: Linux port of OpenBSD ftpd patched
------------------------------------------------------------
From: "Trenholme, Sam" <bugtraq@THEOPHILUS.REACHIN.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
Message-ID: <Pine.LNX.4.30.0012281306060.6498-100000@theophilus.reachin.com>

I have patched David Madore's Linux port of OpenBSD's ftpd against
the problems present in replydirname().  While the word is that Linux
is not currently exploitable, it is better to be safe than sorry.

I have also patched against the setproctitle() problems previously
reported here, even though they are a non-issue due to the manner
David Madore ported OpenBSD's FTPD to Linux.

The patches are against the 0.2.3 release of ftpd-BSD (David Madore's
name for the port), and are available in RPM format here:

	http://www.samiam.org/rpms/

David Madore: Thank you for your hard work porting OpenBSD ftpd to
Linux.  I hope an official patched release will come to light soon.

- Sam
(5898610) --------------------------------(Ombruten)