Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability

From: Brad (bradat_private)
Date: Wed Nov 28 2001 - 17:15:33 PST

    OpenBSD's ftpd exhibits the same behavior, 2.9-stable, 3.0-stable and
    -current.
    
    // Brad
    
    bradat_private
    
    >The FreeBSD ftpd on at least FreeBSD 4.4 and FreeBSD 5.0-current does
    >not crash but simply provides a normal 'ls' output even though script0r
    >sees his Linux port of the (Open)BSD ftpd crashing.
    >
    >--
    >Andre
    >
    >
    >script0r wrote:
    >>
    >> >
    >> > ---------------------------------------------------------------------------
    >> >                              Security Alert
    >> >
    >> > Subject:      Wu-Ftpd File Globbing Heap Corruption Vulnerability
    >> > BUGTRAQ ID:   3581                   CVE ID:         CVE-MAP-NOMATCH
    >> > Published:    Nov 27, 2001           Updated:        Nov 28, 2001 01:12:56
    >> >
    >> > Remote:       Yes                    Local:          No
    >> > Availability: Always                 Authentication: Not Required
    >> > Credibility:  Vendor Confirmed       Ease:           No Exploit Available
    >> > Class:        Failure to Handle Exceptional Conditions
    >> >
    >> > Impact:   10.0           Severity: 10.0            Urgency:  8.2
    >> >
    >> > Last Change:  Initial analysis.
    >> > --------------------------------------------------------------------------
    >>
    >> I am running a Linux port of the BSD ftpd and it might be vulnerable to
    >> a similar attack,
    >>
    >> ftp localhost
    >> Connected to localhost.
    >> 220 playlandFTP server (Version 6.5/OpenBSD, linux port 0.3.3) ready.
    >> Name (localhost:user): ftp
    >> 331 Guest login ok, type your name as password.
    >> Password:
    >> 230 Guest login ok, access restrictions apply.
    >> Remote system type is UNIX.
    >> Using binary mode to transfer files.
    >> ftp> ls ~{
    >> 200 PORT command successful.
    >> 421 Service not available, remote server has closed connection
    >>
    >> in inetd I find an error stating that the ftpd process has died unexpectedly
    >>
    >> Nov 28 14:21:28 playland inetd[82]: pid 16341: exit signal 11
    