Re: ALERT BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability

From: Jedi/Sector One (jat_private)
Date: Mon Dec 03 2001 - 12:55:55 PST

Next message: Brett Lymn: "Re: OpenBSD local DoS"

Previous message: Gregory Duchemin: "Allaire JRun ACL bypassing/soure disclosure vulnerability"
In reply to: Morten Poulsen: "Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability"
Next in thread: Patrick Cantwell: "Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Dec 03, 2001 at 09:32:25AM +0100, Morten Poulsen wrote:
> > ftp> ls -al ~{
> > Segmentation fault (core dumped)
> No, it's a problem in your client. I can btw reproduce it with the ftp
> client from Linux NetKit 0.16 on LinuxPPC.

  'ls -al <something here>' in a command-line ftp client means to save the
result of 'ls -al' in '<something here>' . 

  <something here> is expanded by your FTP client. The ftp server only sees
'ls -al'. So you are probably triggering the glibc bug locally.

  If you want to send a pattern and ls options, quote the space :

  ls -al\ ~{

  Best regards,
       -Frank.

-- 
           Upgrade your FTP server to something simple and secure
                           http://www.pureftpd.org

Next message: Brett Lymn: "Re: OpenBSD local DoS"
Previous message: Gregory Duchemin: "Allaire JRun ACL bypassing/soure disclosure vulnerability"
In reply to: Morten Poulsen: "Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability"
Next in thread: Patrick Cantwell: "Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Dec 03 2001 - 15:14:59 PST

Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability

Re: ALERT BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability