Bugtraq mailing list archives
Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability
From: Jedi/Sector One <j () pureftpd org>
Date: Mon, 3 Dec 2001 21:54:55 +0059
On Mon, Dec 03, 2001 at 09:32:25AM +0100, Morten Poulsen wrote:
ftp> ls -al ~{ Segmentation fault (core dumped)No, it's a problem in your client. I can btw reproduce it with the ftp client from Linux NetKit 0.16 on LinuxPPC.
'ls -al <something here>' in a command-line ftp client means to save the
result of 'ls -al' in '<something here>' .
<something here> is expanded by your FTP client. The ftp server only sees
'ls -al'. So you are probably triggering the glibc bug locally.
If you want to send a pattern and ls options, quote the space :
ls -al\ ~{
Best regards,
-Frank.
--
Upgrade your FTP server to something simple and secure
http://www.pureftpd.org
Current thread:
- Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability Hasan Azam Diwan (Dec 01)
- Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability Travis Siegel (Dec 02)
- Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability goba (Dec 02)
- Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability Morten Poulsen (Dec 03)
- Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability Jedi/Sector One (Dec 03)
- Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability Morten Poulsen (Dec 03)
- <Possible follow-ups>
- Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability Patrick Cantwell (Dec 05)