Re: ProFTPD - Problems in file globbing, gives segmentation fault.

From: Rink Springer (rinkat_private)
Date: Wed Dec 19 2001 - 09:50:33 PST

Next message: Anton Rager: "Linux distributions and /bin/login overflow"

Previous message: Jake: "Re: wmcube-gdk is vulnerable to a local exploit"
In reply to: Edsel Adap: "Re: ProFTPD - Problems in file globbing, gives segmentation fault."
Next in thread: Markus Kovero: "Re: ProFTPD - Problems in file globbing, gives segmentation fault."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

ProFTPd 1.2.4 on FreeBSD 4.4-RELEASE gives this in /var/log/messages:

----
Dec 19 17:49:16 thallium proftpd
Dec 19 17:49:16 thallium in free():
Dec 19 17:49:16 thallium warning:
Dec 19 17:49:16 thallium junk pointer, too high to make sense.
----

Repeated a douzen times... the FTP daemon does not crash, however.

--Rink

> On Wed, Dec 19, 2001 at 02:22:40PM +0100, Mattias _ wrote:
> > 1.2.4 (but it's fixed in the Candidate version: 1.2.5rc1). This
> > is very similar to the wu-ftpd bug ("ls ~{") and occurs when you issue
> > the command: ls /////////// (11 or more '/'). I haven't figured out if
> > it's exploitable. That's why I post it to you guys. :-)
> > 
> > AFFECTED VERSIONS
> > =================
> > ProFTPD 1.2.4
> > ProFTPD 1.2.2rc3
> > (Others may be affected as well.)
> > 
> > SYSTEMS
> > =======
> > This is tested on Slackware 8.

Next message: Anton Rager: "Linux distributions and /bin/login overflow"
Previous message: Jake: "Re: wmcube-gdk is vulnerable to a local exploit"
In reply to: Edsel Adap: "Re: ProFTPD - Problems in file globbing, gives segmentation fault."
Next in thread: Markus Kovero: "Re: ProFTPD - Problems in file globbing, gives segmentation fault."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Dec 19 2001 - 15:19:49 PST