RE: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability

From: Sandor W. Sklar (ssklarat_private)
Date: Thu Nov 29 2001 - 10:27:47 PST


    Just to help complete the list of "ok"/"not ok" systems, neither the 
    AIX 4.3.3-ML08 ftpd daemon nor the Mac OS X 10.1.1/Darwin 5.1 ftpd 
    daemon appears to be vulnerable.
    
    At 5:46 PM +0100 11/29/01, Junius, Martin wrote:
    >
    >
    >I just did some tests with RedHat 7.2, glibc-2.2.4-19, and ftpd-BSD-0.3.2.
    >"ls ~{" makes the ftpd process die in glibc's glob(pattern="~{", ...)
    >function with a SEGV. Besides that, ftpd-BSD uses globfree() to release
    >the memory. So as long as glibc's glob() is safe, ftpd-BSD *should*
    >be safe against this exploit.
    >
    >On RedHat 6.2, glibc-2.1.3-22, "ls ~{" simply returns "No such file
    >or directory".
    >
    >Martin
    
    
    -- 
       =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
       Sandor W. Sklar  -  Unix Systems Administrator  -  Stanford University ITSS
       Non impediti ratione cogitationis.   <http://whippet.stanford.edu/~ssklar/>
       =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
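
The kind of check reported in this thread, as an added example that is not part of the original posts or of any ftpd source: it runs the local libc's glob() on a pattern inside a child process, so a crash in glob() is reported rather than killing the tester. The name `probe_glob`, the flag set `GLOB_BRACE | GLOB_TILDE` and the sample patterns other than `~{` are assumptions; the posts do not say which flags ftpd-BSD passes.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* GLOB_BRACE / GLOB_TILDE are extensions */
#endif
#include <glob.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>
#ifndef GLOB_BRACE                 /* some libcs have no brace expansion */
#define GLOB_BRACE 0
#endif

enum probe_result { PROBE_MATCHED, PROBE_NOMATCH, PROBE_ERROR,
                    PROBE_CRASHED, PROBE_FAILED };

/* Assumed flags: the thread only shows glob(pattern="~{", ...). */
static enum probe_result probe_glob(const char *pattern)
{
    pid_t pid = fork();
    if (pid < 0)
        return PROBE_FAILED;
    if (pid == 0) {                /* child: the only process at risk */
        glob_t g;
        int rc = glob(pattern, GLOB_BRACE | GLOB_TILDE, NULL, &g);
        if (rc == 0)
            globfree(&g);          /* free only what glob() itself allocated */
        _exit(rc == 0 ? 0 : rc == GLOB_NOMATCH ? 1 : 2);
    }
    int status;
    if (waitpid(pid, &status, 0) != pid)
        return PROBE_FAILED;
    if (WIFSIGNALED(status))       /* e.g. SIGSEGV raised inside glob() */
        return PROBE_CRASHED;
    if (!WIFEXITED(status))
        return PROBE_FAILED;
    switch (WEXITSTATUS(status)) {
    case 0:  return PROBE_MATCHED;
    case 1:  return PROBE_NOMATCH;
    default: return PROBE_ERROR;
    }
}

int main(void)
{
    static const char *names[] = { "matched", "no match", "glob error",
                                   "CRASHED in glob()", "probe failed" };
    /* "~{" is the pattern from the thread; the other two are constructed. */
    const char *patterns[] = { "~{", "/*", "/nonexistent-constructed-dir/*" };
    for (size_t i = 0; i < sizeof patterns / sizeof *patterns; i++)
        printf("%-32s %s\n", patterns[i], names[probe_glob(patterns[i])]);
    return 0;
}
```

A "no match" line for `~{` corresponds to the "No such file or directory" behaviour quoted above; a "CRASHED in glob()" line corresponds to the SEGV case.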
    


