Bugtraq mailing list archives

Re: Yet another heap overflow in wu-ftpd and so on...

From: portal () SECURITY IS (portal)
Date: Thu, 8 Jun 2000 21:31:13 -0000

similar command as above 'grep' can see it clearly. It's
rather obvious that there's an overflow in optional 
feature introduced in recent wu-ftpd
versions, called 'internal ls'. But this problem has been 
discovered by someone else (I'm not sure who did it, 
someone from teso or Lam3rZ) days
ago. Sorry, anyway :)


I guess it was me :) I think I spotted it in April/May last 
year while auditing 2.5.0, and told somebody in teso about 
it. It's nothing in peculiar, and has too many 
requirements. One has to create a symbolic link in a 
directory and list it with the 'internal ls'.
Additionally, it's a heap overflow. Have fun with it ;)

Sincerely,
portal () security is
- www.security.is -

Current thread:

Yet another heap overflow in wu-ftpd and so on... Michal Zalewski (Jun 07)
- Re: Yet another heap overflow in wu-ftpd and so on... portal (Jun 08)
- Mailstudio2000 CGI Vulnerabilities [S0ftPj.4] fusys () ITAPAC NET (Jun 09)
  - Re: Mailstudio2000 CGI Vulnerabilities [S0ftPj.4] Vanja Hrustic (Jun 10)
    - Re: Mailstudio2000 CGI Vulnerabilities [S0ftPj.4] Fyodor (Jun 10)
  - Update to DST2K0011: DoS & BufferOverrun in CMail v2.4.7 WebMail Security Team (Jun 10)
- Security Update: flaws in the SSL transaction handling of Netscape Technical Support (Jun 09)