Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability

From: Rick Kelly <rmk () toad rmkhome com>
Date: Thu, 29 Nov 2001 17:07:19 -0700 (MST)
David Brownlee said:


      Can confirm 'ls ~{' runs without problem by ftp on NetBSD
      1.5.2, 1.4.1, and 1.3.2 systems.


ftp.rmkhome.com is NetBSD/i386 1.4.1 with wuftpd 2.6.1

I applied the patches from the wuftpd ftp site.

This is what I see now:

/home/rmk> ftp ftp.rmkhome.com 
Connected to tencats.rmkhome.com.
220 tencats.rmkhome.com FTP server (Version wu-2.6.1(3) Thu Nov 29 14:15:29 MST 2001) ready.

Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls ~{
500 'EPSV': command not understood.
227 Entering Passive Mode (216,17,154,228,54,106)
550 Missing }
ftp> 

Looks good to me.
-- 
Rick Kelly  rmk () rmkhome com  www.rmkhome.com
Previous By Date Next
Previous By Thread Next

Current thread: