Bugtraq mailing list archives
Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability
From: Patrick Cantwell <seamus () manhattan insomnia org>
Date: Wed, 5 Dec 2001 10:35:11 -0500 (EST)
Yes, this must be library related. I have 2 machines here both running the same version of the OpenBSD ftpd ported to linux. One's a slackware 7.1 box, one's a prerelease version of slackware 8 (installed the machine before 8.0 made -release).. on the older machine: (Wed 10:25am) seamus@bofh ttyp0:~> ftp XXX Connected to XXX.XXX.XXX. 220 XXX.XXX.XXX FTP server (Version 6.5/OpenBSD, linux port 0.3.2) ready. Name (XXX:seamus): seamus 331 Password required for seamus. Password: 230- Linux 2.2.18. 230 User seamus logged in. Remote system type is UNIX. Using binary mode to transfer files. ftp> ls -al\ ~{ 200 PORT command successful. 421 Service not available, remote server has closed connection. ftp> quit (Wed 10:25am) seamus@bofh ttyp0:~> on the newer machine: (Wed 10:25am) seamus@bofh ttyp0:~> ftp YYY Connected to YYY.YYY.YYY. 220 YYY.YYY.YYY FTP server (Version 6.5/OpenBSD, linux port 0.3.2) ready. Name (YYY:seamus): seamus 331 Password required for seamus. Password: 230- 230 User seamus logged in. Remote system type is UNIX. Using binary mode to transfer files. ftp> ls -al\ ~{ 200 PORT command successful. 150 Opening ASCII mode data connection for '/bin/ls'. ftpd: ~{: No such file or directory 226 Transfer complete. ftp> If anyone would like to know more details (exact version numbers of glibc, etc..) please feel free to email me.. -- TheFloyd On Thu, 29 Nov 2001, Flavio Veloso wrote:
Date: Thu, 29 Nov 2001 09:32:33 -0200 (BRST) From: Flavio Veloso <flaviovs () magnux com> To: script0r <script0r () axenet org> Cc: bugtraq () securityfocus com Subject: Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability On Wed, 28 Nov 2001, script0r wrote:Subject: Wu-Ftpd File Globbing Heap Corruption Vulnerability(...)I am running the a linux port of the bsd ftpd and it might be vulnerable to a similar attack, ftp localhost Connected to localhost. 220 playlandFTP server (Version 6.5/OpenBSD, linux port 0.3.3) ready. Name (localhost:user): ftp 331 Guest login ok, type your name as password. Password: 230 Guest login ok, access restrictions apply. Remote system type is UNIX. Using binary mode to transfer files. ftp> ls ~{ 200 PORT command successful. 421 Service not available, remote server has closed connection in inetd I find an error stating that the ftpd process has died unexpectedly Nov 28 14:21:28 playland inetd[82]: pid 16341: exit signal 11This may not be related to the wu-ftpd bug. I was just experiencing the same problem here, but further investigation showed up that it was due a bug in the glibc implementation of glob(3) (not exploitable, AFAICT). See http://sources.redhat.com/ml/bug-glibc/2001-11/msg00109.html for details. -- Fl?vio
Current thread:
- Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability Hasan Azam Diwan (Dec 01)
- Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability Travis Siegel (Dec 02)
- Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability goba (Dec 02)
- Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability Morten Poulsen (Dec 03)
- Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability Jedi/Sector One (Dec 03)
- Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability Morten Poulsen (Dec 03)
- <Possible follow-ups>
- Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability Patrick Cantwell (Dec 05)