Re: some ftpd implementations mishandle CWD ~{

From: Christian Hammers (chat_private)
Date: Wed May 02 2001 - 06:10:47 PDT


    Hi
    
    On Mon, Apr 30, 2001 at 09:00:20PM -0400, Matt Power wrote:
    > I've recently noticed some incorrect behavior in various ftp daemons
    > when presented with the command "CWD ~{" (and other similar commands).
    > This affects ftp daemons that are considered not vulnerable to the
    > globbing issues (e.g., CAN-2001-0247) announced earlier this month.
    
    FYI:
    I asked the wu-ftpd-members mailing list for their opinion. Below
    is their answer. I'm still unsure if they really mean that there's no need
    to upgrade although you say that the server is DOS'able from remote...
    Or maybe it's just the one thread that crashes and the main server will handle
    other connections further on. (I haven't had time to really look at this)
    
    >> Date: Wed, 2 May 2001 08:55:38 -0400
    >> From: "Gregory A Lundberg" <lundbergat_private>
    >> To: "Christian Hammers" <chat_private>, <wuftpd-members@wu-ftpd.org>
    >> X-Mailer: Microsoft Outlook Express 5.50.4522.1200
    >>
    >> No need to upgrade.  It just de-references a NULL pointer and crashes.  The
    >> next version will have a fix.
    
    bye,
    
     -christian-
    
    --
    Christian Hammers    WESTEND GmbH - Aachen und Dueren     Tel 0241/701333-0
    chat_private     Internet & Security for Professionals    Fax 0241/911879
               WESTEND ist CISCO Systems Partner - Premium Certified
    


