Re: ProFTPD - Problems in file globbing, gives segmentation fault.

From: Edsel Adap (edselat_private)
Date: Wed Dec 19 2001 - 08:25:59 PST

Next message: IRM Security Advisories: "IRM Security Advisory 002: Netware Web Server Source Disclosure"

Previous message: Tabor J. Wells: "[ph10at_private: [Exim] Potential security problem]"
In reply to: Mattias _: "ProFTPD - Problems in file globbing, gives segmentation fault."
Next in thread: Rink Springer: "Re: ProFTPD - Problems in file globbing, gives segmentation fault."
Reply: Rink Springer: "Re: ProFTPD - Problems in file globbing, gives segmentation fault."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Dec 19, 2001 at 02:22:40PM +0100, Mattias _ wrote:
> 1.2.4 (but it’s fixed in the Candidate version: 1.2.5rc1). This
> is very similar to the wu-ftpd bug (“ls ~{”) and occurs when you issue
> the command: ls /////////// (11 or more ‘/’). I haven’t figured out if
> it’s exploitable. That’s why I post it to you guys. :-)
> 
> AFFECTED VERSIONS
> =================
> ProFTPD 1.2.4
> ProFTPD 1.2.2rc3
> (Others may be affected as well.)
> 
> SYSTEMS
> =======
> This is tested on Slackware 8.

I tested this on Debian 2.2 with proftpd 1.2.0pre10 and it doesn't seem
to be vulnerable.

Next message: IRM Security Advisories: "IRM Security Advisory 002: Netware Web Server Source Disclosure"
Previous message: Tabor J. Wells: "[ph10at_private: [Exim] Potential security problem]"
In reply to: Mattias _: "ProFTPD - Problems in file globbing, gives segmentation fault."
Next in thread: Rink Springer: "Re: ProFTPD - Problems in file globbing, gives segmentation fault."
Reply: Rink Springer: "Re: ProFTPD - Problems in file globbing, gives segmentation fault."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Dec 19 2001 - 11:39:44 PST