Bugtraq mailing list archives
Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability
From: Jedi/Sector One <j () pureftpd org>
Date: Mon, 3 Dec 2001 21:54:55 +0059
On Mon, Dec 03, 2001 at 09:32:25AM +0100, Morten Poulsen wrote:
ftp> ls -al ~{ Segmentation fault (core dumped)No, it's a problem in your client. I can btw reproduce it with the ftp client from Linux NetKit 0.16 on LinuxPPC.
'ls -al <something here>' in a command-line ftp client means to save the result of 'ls -al' in '<something here>' . <something here> is expanded by your FTP client. The ftp server only sees 'ls -al'. So you are probably triggering the glibc bug locally. If you want to send a pattern and ls options, quote the space : ls -al\ ~{ Best regards, -Frank. -- Upgrade your FTP server to something simple and secure http://www.pureftpd.org
Current thread:
- Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability Hasan Azam Diwan (Dec 01)
- Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability Travis Siegel (Dec 02)
- Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability goba (Dec 02)
- Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability Morten Poulsen (Dec 03)
- Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability Jedi/Sector One (Dec 03)
- Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability Morten Poulsen (Dec 03)
- <Possible follow-ups>
- Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability Patrick Cantwell (Dec 05)