Re: ALERT BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability

From: Fyodor (fygraveat_private)
Date: Thu Nov 29 2001 - 09:40:51 PST

Next message: Felix Huber: "Re: def-2001-32 - Allaire JRun directory browsing vulnerability"

Previous message: Indigo: "comphack - Compaq Insight Manager Remote SYSTEM shell"
In reply to: Brad: "Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability"
Next in thread: David Brownlee: "Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Nov 28, 2001 at 08:15:33PM -0500, Brad wrote:
> OpenBSD's ftpd exhibits the same behavior, 2.9-stable, 3.0-stable and
> -current.
> 

Due to OpenBSD specific malloc implementation (they keep allocated pageinfo
structs separately from allocated chunks, which could be affected
externally) this bug doesn't seem to be exploitable on OpenBSD though.

(wish it could be;-))

-F
-- 
http://www.notlsd.net
PGP fingerprint = 56DD 1511 DDDA 56D7 99C7  B288 5CE5 A713 0969 A4D1

Next message: Felix Huber: "Re: def-2001-32 - Allaire JRun directory browsing vulnerability"
Previous message: Indigo: "comphack - Compaq Insight Manager Remote SYSTEM shell"
In reply to: Brad: "Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability"
Next in thread: David Brownlee: "Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Nov 29 2001 - 15:11:58 PST

Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability

Re: ALERT BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability