bin/77158: Buffer Overflow in lukemftp
Ryoji Kanai
rkanai at eeye.com
Sat Feb 5 20:30:27 PST 2005
>Number: 77158
>Category: bin
>Synopsis: Buffer Overflow in lukemftp
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Feb 06 04:30:26 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Ryoji Kanai
>Release: FreeBSD 6.0-CURRENT
>Organization:
eEye Digital Security
>Environment:
FreeBSD unicorn 6.0-CURRENT FreeBSD 6.0-CURRENT #1: Sun Jan 16 15:45:21 PST 2005 kanai at unicorn:/usr/obj/usr/src/sys/UNICORN i386
>Description:
A buffer overflow exists in ftp(lukemftp).
>How-To-Repeat:
Just use long filename. ex:
ftp> get aaaaaaaaaaaa... (over 1024 = BUFSIZ)
Segmentation fault (core dumped)
>Fix:
main.c:668 is a problem. fix thie code.
> memcpy(line, buf, num);
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list