Bugtraq mailing list archives
Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability
From: Fred Mobach <fred () mobach nl>
Date: Fri, 30 Nov 2001 11:08:25 +0100
"Junius, Martin" wrote:
I just did some tests with RedHat 7.2, glibc-2.2.4-19, and ftpd-BSD-0.3.2. "ls ~{" makes the ftpd process die in glibc´s glob(pattern="~{", ...) function with a SEGV. Beside that ftpd-BSD uses globfree() to release the memory. So as long as glibc's glob() is safe, ftpd-BSD *should* be safe against this exploit.
SGI's ftp in IRIX 6.5 isn't vulnerable : erwin 1% uname -a IRIX erwin 6.5 01221644 IP32 fred@servans:~/a> ftp erwin Connected to erwin.mobach.nl. 220 erwin.mobach.nl FTP server ready. Name (erwin:fred): mendel 331 Password required for mendel. Password: 230 User mendel logged in. Remote system type is UNIX. Using binary mode to transfer files. ftp> ls ~{ 500 'EPSV': command not understood. 227 Entering Passive Mode (172,16,21,158,4,241) 150 Opening ASCII mode data connection for '/bin/ls'. UX:ls: ERROR: Cannot access ~{: No such file or directory 226 Transfer complete. ftp> Regards, Fred -- Fred Mobach - fred () mobach nl - postmaster () mobach nl Systemhouse Mobach bv - The Netherlands - since 1976 Save Harbour for encumbered Free and Open Source software and links: http://apache.dataloss.nl/~fred/
Current thread:
- Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability, (continued)
- Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability David Brownlee (Nov 29)
- Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability Rick Kelly (Nov 30)
- Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability Todd C. Miller (Nov 28)
- Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability GiulioMaria Fontana (Nov 29)
- Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability Flavio Veloso (Nov 29)
- RE: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability Craig Leikis (Nov 29)
- RE: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability Sandor W. Sklar (Nov 29)
- Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability Fred Mobach (Nov 30)