Bugzilla – Attachment 16171 Details for
Bug 49995
VUL-0: CVE-2004-0148: wuftpd: break chroot
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
IDP Log In
|
Forgot Password
[patch]
wu-ftpd-CAN-2004-0148.diff
wu-ftpd-CAN-2004-0148.diff (text/plain), 967 bytes, created by
Thomas Biege
on 2004-02-25 20:36:55 UTC
(
hide
)
Description:
wu-ftpd-CAN-2004-0148.diff
Filename:
MIME Type:
Creator:
Thomas Biege
Created:
2004-02-25 20:36:55 UTC
Size:
967 bytes
patch
obsolete
>diff -u wu-ftpd-2.6.2/src/ftpd.c wu-ftpd-2.6.2/src/ftpd.c >--- wu-ftpd-2.6.2/src/ftpd.c >+++ wu-ftpd-2.6.2/src/ftpd.c >@@ -3194,7 +3194,7 @@ > pw->pw_name, pw->pw_dir); > goto bad; > #else >- if (chdir("/") < 0) { >+ if (restricted_user || chdir("/") < 0) { > #ifdef VERBOSE_ERROR_LOGING > syslog(LOG_NOTICE, "FTP LOGIN FAILED (cannot chdir) for %s, %s", > remoteident, pw->pw_name); >diff -u wu-ftpd-2.6.2/debian/changelog wu-ftpd-2.6.2/debian/changelog >--- wu-ftpd-2.6.2/debian/changelog >+++ wu-ftpd-2.6.2/debian/changelog >@@ -1,3 +1,11 @@ >+wu-ftpd (2.6.2-3woody3) stable-security; urgency=high >+ >+ * Non-maintainer upload by the Security Team >+ * Fix bug allowing restricted users to escape from their home dir by denying >+ themselves access to it (CAN-2004-0148) >+ >+ -- Matt Zimmerman <mdz@debian.org> Tue, 24 Feb 2004 13:05:42 -0800 >+ > wu-ftpd (2.6.2-3woody2) stable-security; urgency=high > > * Non-maintainer upload by the Security Team
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=16171">View the attachment on a separate page</a>.</b>
Actions:
View
|
Diff
Attachments on
bug 49995
:
16170
|
16171
|
16202