Bugtraq mailing list archives
Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability
From: "Todd C. Miller" <Todd.Miller () courtesan com>
Date: Wed, 28 Nov 2001 20:18:07 -0700
In message <35684.24.51.95.122.1006990579.squirrel () mail axenet org> so spake "script0r" (script0r):
I am running the a linux port of the bsd ftpd and it might be vulnerable to a similar attack,
It depends entirely on your glob(3) implementation since unlike wu-ftpd, any port of the OpenBSD ftpd that doesn't include a private glob.c will just use the one in your own libc. We fixed a bunch of potential glob(3) problems in OpenBSD's glob.c a while ago (though there may be more lurking--that is nasty code!). - todd
Current thread:
- *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability Dave Ahmad (Nov 28)
- Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability script0r (Nov 28)
- Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability Andre Oppermann (Nov 28)
- Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability David Brownlee (Nov 29)
- Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability Rick Kelly (Nov 30)
- Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability script0r (Nov 28)
- Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability Todd C. Miller (Nov 28)
- Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability GiulioMaria Fontana (Nov 29)
- Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability Flavio Veloso (Nov 29)
- <Possible follow-ups>
- RE: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability Junius, Martin (Nov 29)
- RE: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability Craig Leikis (Nov 29)
- RE: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability Sandor W. Sklar (Nov 29)
- Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability Fred Mobach (Nov 30)