OpenBSD Information for VU#593299

BSD-derived ftpd replydirname() in ftpd.c contains one-byte overflow



Vendor Statement

OpenBSD made a patch available to fix this problem on December 4, 2000 in OpenBSD 2.8 Errata 005: SECURITY FIX: Dec 4, 2000:

An OpendBSD Security Advisory: Single-byte buffer overflow vulnerability in ftpd, was published on December 18, 2000:

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.