In message <35684.24.51.95.122.1006990579.squirrelat_private> so spake "script0r" (script0r): > I am running the a linux port of the bsd ftpd and it might be vulnerable to > a similar attack, It depends entirely on your glob(3) implementation since unlike wu-ftpd, any port of the OpenBSD ftpd that doesn't include a private glob.c will just use the one in your own libc. We fixed a bunch of potential glob(3) problems in OpenBSD's glob.c a while ago (though there may be more lurking--that is nasty code!). - todd
This archive was generated by hypermail 2b30 : Wed Nov 28 2001 - 19:54:48 PST