Bugtraq mailing list archives
Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability
From: Patrick Cantwell <seamus () manhattan insomnia org>
Date: Wed, 5 Dec 2001 10:35:11 -0500 (EST)
Yes, this must be library related. I have 2 machines here both running the
same version of the OpenBSD ftpd ported to linux. One's a slackware 7.1
box, one's a prerelease version of slackware 8 (installed the machine
before 8.0 made -release)..
on the older machine:
(Wed 10:25am) seamus@bofh ttyp0:~> ftp XXX
Connected to XXX.XXX.XXX.
220 XXX.XXX.XXX FTP server (Version 6.5/OpenBSD, linux port 0.3.2)
ready.
Name (XXX:seamus): seamus
331 Password required for seamus.
Password:
230- Linux 2.2.18.
230 User seamus logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls -al\ ~{
200 PORT command successful.
421 Service not available, remote server has closed connection.
ftp> quit
(Wed 10:25am) seamus@bofh ttyp0:~>
on the newer machine:
(Wed 10:25am) seamus@bofh ttyp0:~> ftp YYY
Connected to YYY.YYY.YYY.
220 YYY.YYY.YYY FTP server (Version 6.5/OpenBSD, linux port 0.3.2)
ready.
Name (YYY:seamus): seamus
331 Password required for seamus.
Password:
230-
230 User seamus logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls -al\ ~{
200 PORT command successful.
150 Opening ASCII mode data connection for '/bin/ls'.
ftpd: ~{: No such file or directory
226 Transfer complete.
ftp>
If anyone would like to know more details (exact version numbers of glibc,
etc..) please feel free to email me..
--
TheFloyd
On Thu, 29 Nov 2001, Flavio Veloso wrote:
Date: Thu, 29 Nov 2001 09:32:33 -0200 (BRST) From: Flavio Veloso <flaviovs () magnux com> To: script0r <script0r () axenet org> Cc: bugtraq () securityfocus com Subject: Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability On Wed, 28 Nov 2001, script0r wrote:Subject: Wu-Ftpd File Globbing Heap Corruption Vulnerability(...)I am running the a linux port of the bsd ftpd and it might be vulnerable to a similar attack, ftp localhost Connected to localhost. 220 playlandFTP server (Version 6.5/OpenBSD, linux port 0.3.3) ready. Name (localhost:user): ftp 331 Guest login ok, type your name as password. Password: 230 Guest login ok, access restrictions apply. Remote system type is UNIX. Using binary mode to transfer files. ftp> ls ~{ 200 PORT command successful. 421 Service not available, remote server has closed connection in inetd I find an error stating that the ftpd process has died unexpectedly Nov 28 14:21:28 playland inetd[82]: pid 16341: exit signal 11This may not be related to the wu-ftpd bug. I was just experiencing the same problem here, but further investigation showed up that it was due a bug in the glibc implementation of glob(3) (not exploitable, AFAICT). See http://sources.redhat.com/ml/bug-glibc/2001-11/msg00109.html for details. -- Fl?vio
Current thread:
- Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability Hasan Azam Diwan (Dec 01)
- Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability Travis Siegel (Dec 02)
- Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability goba (Dec 02)
- Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability Morten Poulsen (Dec 03)
- Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability Jedi/Sector One (Dec 03)
- Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability Morten Poulsen (Dec 03)
- <Possible follow-ups>
- Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability Patrick Cantwell (Dec 05)