Add a PATCH_FILE to close a security hole in wu-ftpd.

Quoted from wu-ftpd group's accouncement:

    Due to insufficient bounds checking on directory name lengths which can
    be supplied by users, it is possible to overwrite the static memory
    space of the wu-ftpd daemon while it is executing under certain
    configurations.  By having the ability to create directories and
    supplying carefully designed directory names to the wu-ftpd, users may
    gain privileged access.

PR:		13475
Submitted by:	jack@germanium.xtalwind.net
This commit is contained in:
Chris Piazza 1999-08-30 19:14:07 +00:00
parent 0026d832e3
commit 58ca2806f3
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=21133
4 changed files with 8 additions and 0 deletions

View File

@ -12,6 +12,9 @@ DISTNAME= wu-ftpd-2.5.0
CATEGORIES= ftp
MASTER_SITES= ftp://ftp.vr.net/pub/wu-ftpd/wu-ftpd/
PATCH_SITES= ftp://ftp.wu-ftpd.org/pub/wu-ftpd/quickfixes/apply_to_2.5.0/
PATCHFILES= mapped.path.overrun.patch
MAINTAINER= ache@FreeBSD.org
Y2K= http://www.cetis.hvu.nl/~koos/wu-ftpd-faq.html#QA35

View File

@ -1 +1,2 @@
MD5 (wu-ftpd-2.5.0.tar.gz) = 98f9c8490e0d1ca2c3c57e60e65803b7
MD5 (mapped.path.overrun.patch) = b01b65652eb3816f0ab11971ac52424d

View File

@ -12,6 +12,9 @@ DISTNAME= wu-ftpd-2.5.0
CATEGORIES= ftp
MASTER_SITES= ftp://ftp.vr.net/pub/wu-ftpd/wu-ftpd/
PATCH_SITES= ftp://ftp.wu-ftpd.org/pub/wu-ftpd/quickfixes/apply_to_2.5.0/
PATCHFILES= mapped.path.overrun.patch
MAINTAINER= ache@FreeBSD.org
Y2K= http://www.cetis.hvu.nl/~koos/wu-ftpd-faq.html#QA35

View File

@ -1 +1,2 @@
MD5 (wu-ftpd-2.5.0.tar.gz) = 98f9c8490e0d1ca2c3c57e60e65803b7
MD5 (mapped.path.overrun.patch) = b01b65652eb3816f0ab11971ac52424d