OpenBSD Information for VU#593299

BSD-derived ftpd replydirname() in ftpd.c contains one-byte overflow

Status

Affected

Vendor Statement

OpenBSD made a patch available to fix this problem on December 4, 2000 in OpenBSD 2.8 Errata 005: SECURITY FIX: Dec 4, 2000:

http://www.openbsd.org/errata.html#ftpd

An OpendBSD Security Advisory: Single-byte buffer overflow vulnerability in ftpd, was published on December 18, 2000:

http://www.openbsd.org/advisories/ftpd_replydirname.txt

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.