Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability

From: Rick Kelly (rmkat_private)
Date: Thu Nov 29 2001 - 16:07:19 PST


    David Brownlee said:
    
    >	Can confirm 'ls ~{' runs without problem by ftp on NetBSD
    >	1.5.2, 1.4.1, and 1.3.2 systems.
    
    ftp.rmkhome.com is NetBSD/i386 1.4.1 with wuftpd 2.6.1
    
    I applied the patches from the wuftpd ftp site.
    
    This is what I see now:
    
    /home/rmk> ftp ftp.rmkhome.com 
    Connected to tencats.rmkhome.com.
    220 tencats.rmkhome.com FTP server (Version wu-2.6.1(3) Thu Nov 29 14:15:29 MST 2001) ready.
    
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp> ls ~{
    500 'EPSV': command not understood.
    227 Entering Passive Mode (216,17,154,228,54,106)
    550 Missing }
    ftp> 
    
    Looks good to me.
    -- 
    Rick Kelly  rmkat_private  www.rmkhome.com
    


