Re: BUG in ftp client on *BSD and Solaris system?

[T0aD <toad () skreel org>]

Hello 

Apparently this aint no 'security bug' in here.
The shell prints out this string to notice user he's
quitting job or process while sending a signal with Ctrl + 4 ('^\'),
a signal also known as SIGQUIT (signal 3)

from man signal:
    SIGQUIT         create core image       quit program

Oh well yeah under linux it doesnt seem to print anything except while playin'
around (talking about bash, the default shell):

(nofuture)$ read &
[1] 1678
(nofuture)$ kill -QUIT 1678

[1]+  Stopped                 read
(nofuture)$ fg
read
Quit                           <-- i let you guess if it means its 'vulnerable'..
(nofuture)$ 

-- toad wastin' time

Still unpatched:
- some brains


On Fri, 31 May 2002 21:36:55 +0200
Admin <admin () www dragonlance eu org> wrote:

> Hello all,
> in these days I got a strange core dump using the ftp client.
> This core dump can only did by using the PUTTY ssh client...
>
> (Tested with putty 0.52)
>
>  >root@Wayreth[~]: ftp ftp.unina.it
>  >Connected to ftp.unina.it.
>  >220
>  >Name (ftp.unina.it:root): ^\Quit (core dumped)
>  >root@Wayreth[~]:
>
> for do that, just push CTRL+ù when the user is requested...
>
> Tested system:
> -OpenBSD 3.1
> -OpenBSD 3.0
> -OpenBSD 2.9
> -FreeBSD 4.4-RC5
> -FreeBSD 4.5-STABLE
> -FreeBSD kalieye 4.6-RC FreeBSD 4.6-RC
> -SunOS XXXXX 5.6 Generic_105181-30 sun4u sparc SUNW,Ultra-Enterprise
> -SunOS XXXXX 5.6 Generic_105182-30 i86pc i386 i86pc
>
> Not vulnerable:
> -Linux
>
> This bug haven't any security issue, it's only a client and not with the 
> +s flag. In these day I haven't the time to check the source code for 
> see what's is wrong, I will did it in some days...
>
> Agazzini Maurizio
> admin () www dragonlance eu org