Vulnerability Development mailing list archives
Re: Red Hat 6.2's ftp segmentation fault
From: lcamtuf () DIONE IDS PL (Michal Zalewski)
Date: Fri, 23 Jun 2000 22:34:39 +0200
On Fri, 23 Jun 2000, Osvaldo J. Filho wrote:
Yes, there is a Wu-FTPD 2.6.0 private exploit around here. I got the exploit too, and it look likes that it works. Change to ProFTPD or NcFTPD. [...] The exploit uses site exec, but 'put' maybe vulnerable too.
No associacion. 1. there's no 'PUT' commaand in ftp protocol; this segv affects client-side and is mostly harmless 2. '*' has nothing to do with format sequences in *printf And finally, I don't think that proftpd is really secure for now. Some problems with STAT, for example :) _______________________________________________________ Michal Zalewski [lcamtuf () tpi pl] [tp.internet/security] [http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};: =-----=> God is real, unless declared integer. <=-----=
Current thread:
- Re: Another new worm???, (continued)
- Re: Another new worm??? Frank Town (Jun 21)
- Re: Another new worm??? Justin Lintz (Jun 21)
- Re: Another new worm??? Steve Mosher (Jun 22)
- Re: Another new worm??? Michael S Hines (Jun 23)
- Re: Another new worm??? David Knaack (Jun 22)
- Re: Another new worm??? Jason Legate (Jun 22)
- Re: Another new worm??? David Knaack (Jun 22)
- Re: Another new worm??? Jason Legate (Jun 22)
- Red Hat 6.2's ftp segmentation fault Paulo Ribeiro (Jun 22)
- Re: Red Hat 6.2's ftp segmentation fault Osvaldo J. Filho (Jun 23)
- Re: Red Hat 6.2's ftp segmentation fault Michal Zalewski (Jun 23)
- Re: Red Hat 6.2's ftp segmentation fault Jeff Bachtel (Jun 23)
- Re: Red Hat 6.2's ftp segmentation fault Philip Rowlands (Jun 23)
- Re: Red Hat 6.2's ftp segmentation fault Bluefish (Jun 24)
- Re: Red Hat 6.2's ftp segmentation fault Jim Kinney (Jun 24)
- Re: Red Hat 6.2's ftp segmentation fault Blue Boar (Jun 24)
- Different attack vector - PXE-2.0 protocol Ollie Whitehouse (Jun 25)
- Spoofed FTP connections John Scimone (Jun 25)
- Re: Another new worm??? Justin Lintz (Jun 21)
- Re: Another new worm??? Frank Town (Jun 21)
- Re: Red Hat 6.2's ftp segmentation fault Jason Storm (Jun 24)
- Keyboard recording Martin M Samson (Jun 21)