From owner-freebsd-security  Fri Jun 23 10:13:40 2000
Delivered-To: freebsd-security@freebsd.org
Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193])
	by hub.freebsd.org (Postfix) with ESMTP id 0085337C3B5
	for <freebsd-security@FreeBSD.ORG>; Fri, 23 Jun 2000 10:13:32 -0700 (PDT)
	(envelope-from wollman@khavrinen.lcs.mit.edu)
Received: (from wollman@localhost)
	by khavrinen.lcs.mit.edu (8.9.3/8.9.3) id NAA49665;
	Fri, 23 Jun 2000 13:13:19 -0400 (EDT)
	(envelope-from wollman)
Date: Fri, 23 Jun 2000 13:13:19 -0400 (EDT)
From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
Message-Id: <200006231713.NAA49665@khavrinen.lcs.mit.edu>
To: Mike Silbersack <silby@silby.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Fwd: WuFTPD: Providing *remote* root since at least1994
In-Reply-To: <Pine.BSF.4.21.0006222230390.65791-100000@achilles.silby.com>
References: <4.2.2.20000622201823.0479a690@mail.sentex.net>
	<Pine.BSF.4.21.0006222230390.65791-100000@achilles.silby.com>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

<<On Thu, 22 Jun 2000 22:34:30 -0500 (CDT), Mike Silbersack <silby@silby.com> said:

> (Does anyone actually still run it?)

Absolutely.

Here's a patch (mangled by cut&paste) which hacks around the problem.
Stick it in patches/patch-ftpcmd.y-MIT-IS for best results.  This hack
was put together by MIT Information Systems as a stopgap until the
wu-ftpd developers come up with an official fix.

*** src/ftpcmd.y.old    Fri Jun 23 00:44:11 2000
- --- src/ftpcmd.y        Fri Jun 23 00:48:36 2000
***************
*** 1460,1469 ****
- --- 1460,1474 ----
            if (wu_getline(cbuf, sizeof(cbuf) - 1, stdin) == NULL) {
                (void) alarm(0);
                reply(221, "You could at least say goodbye.");
                dologout(0);
            }
+           else if (strchr(cbuf, '%')) {
+               (void) alarm(0);
+               reply(421, "The command line contained a %% character.");
+               dologout(0);
+           }
  #ifndef IGNORE_NOOP
            (void) alarm(0);
  #endif
            if ((cp = strchr(cbuf, '\r'))) {
                *cp++ = '\n';
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE5U5qlI+eG6b7tlG4RAqNBAJ9dLOLVO3hBhNM22gBMtrJYttCO0ACgobsD
E9wtuVVqPIpjNoBO0hY3Dqo=
=fbsD
-----END PGP SIGNATURE-----


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message