Vulnerability Development mailing list archives
Re: BUG in ftp client on *BSD and Solaris system?
From: T0aD <toad () skreel org>
Date: Sat, 1 Jun 2002 05:09:31 +0200
Hello Apparently this aint no 'security bug' in here. The shell prints out this string to notice user he's quitting job or process while sending a signal with Ctrl + 4 ('^\'), a signal also known as SIGQUIT (signal 3) from man signal: SIGQUIT create core image quit program Oh well yeah under linux it doesnt seem to print anything except while playin' around (talking about bash, the default shell): (nofuture)$ read & [1] 1678 (nofuture)$ kill -QUIT 1678 [1]+ Stopped read (nofuture)$ fg read Quit <-- i let you guess if it means its 'vulnerable'.. (nofuture)$ -- toad wastin' time Still unpatched: - some brains On Fri, 31 May 2002 21:36:55 +0200 Admin <admin () www dragonlance eu org> wrote:
Hello all, in these days I got a strange core dump using the ftp client. This core dump can only did by using the PUTTY ssh client... (Tested with putty 0.52) >root@Wayreth[~]: ftp ftp.unina.it >Connected to ftp.unina.it. >220 >Name (ftp.unina.it:root): ^\Quit (core dumped) >root@Wayreth[~]: for do that, just push CTRL+รน when the user is requested... Tested system: -OpenBSD 3.1 -OpenBSD 3.0 -OpenBSD 2.9 -FreeBSD 4.4-RC5 -FreeBSD 4.5-STABLE -FreeBSD kalieye 4.6-RC FreeBSD 4.6-RC -SunOS XXXXX 5.6 Generic_105181-30 sun4u sparc SUNW,Ultra-Enterprise -SunOS XXXXX 5.6 Generic_105182-30 i86pc i386 i86pc Not vulnerable: -Linux This bug haven't any security issue, it's only a client and not with the +s flag. In these day I haven't the time to check the source code for see what's is wrong, I will did it in some days... Agazzini Maurizio admin () www dragonlance eu org
Current thread:
- BUG in ftp client on *BSD and Solaris system? Admin (May 31)
- Re: BUG in ftp client on *BSD and Solaris system? Luciano Miguel Ferreira Rocha (Jun 01)
- Re: BUG in ftp client on *BSD and Solaris system? elguapo (Jun 01)
- 72% of web base ping scripts allows attackers to pass malicious parameters John Thornton (Jun 01)
- Re: BUG in ftp client on *BSD and Solaris system? Crist J. Clark (Jun 01)
- Re: BUG in ftp client on *BSD and Solaris system? Philipp Buehler (Jun 01)
- Re: BUG in ftp client on *BSD and Solaris system? Vanja Hrustic (Jun 01)
- Re: BUG in ftp client on *BSD and Solaris system? T0aD (Jun 01)
- Re: BUG in ftp client on *BSD and Solaris system? Admin (Jun 01)