Bugtraq mailing list archives
Re: Yet another heap overflow in wu-ftpd and so on...
From: portal () SECURITY IS (portal)
Date: Thu, 8 Jun 2000 21:31:13 -0000
similar command as above 'grep' can see it clearly. It's rather obvious that there's an overflow in optional feature introduced in recent wu-ftpd versions, called 'internal ls'. But this problem has been discovered by someone else (I'm not sure who did it, someone from teso or Lam3rZ) days ago. Sorry, anyway :)
I guess it was me :) I think I spotted it in April/May last year while auditing 2.5.0, and told somebody in teso about it. It's nothing in peculiar, and has too many requirements. One has to create a symbolic link in a directory and list it with the 'internal ls'. Additionally, it's a heap overflow. Have fun with it ;) Sincerely, portal () security is - www.security.is -
Current thread:
- Yet another heap overflow in wu-ftpd and so on... Michal Zalewski (Jun 07)
- Re: Yet another heap overflow in wu-ftpd and so on... portal (Jun 08)
- Mailstudio2000 CGI Vulnerabilities [S0ftPj.4] fusys () ITAPAC NET (Jun 09)
- Re: Mailstudio2000 CGI Vulnerabilities [S0ftPj.4] Vanja Hrustic (Jun 10)
- Re: Mailstudio2000 CGI Vulnerabilities [S0ftPj.4] Fyodor (Jun 10)
- Update to DST2K0011: DoS & BufferOverrun in CMail v2.4.7 WebMail Security Team (Jun 10)
- Re: Mailstudio2000 CGI Vulnerabilities [S0ftPj.4] Vanja Hrustic (Jun 10)
- Security Update: flaws in the SSL transaction handling of Netscape Technical Support (Jun 09)