Vulnerability Development mailing list archives
Re: Red Hat 6.2's ftp segmentation fault
From: ofriedrichs () SECURITYFOCUS COM (Oliver Friedrichs)
Date: Fri, 23 Jun 2000 09:27:35 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This looks like a client side bug which has no significance, security-wise, unless it can be exploited in some way by a malicious remote FTP server (even then, crashing your ftp client isn't significant other than an annoyance). It should be fixed nonetheless.

Oliver

-----Original Message-----
From: Paulo Ribeiro [mailto:prrar () NITNET COM BR]
Sent: Thursday, June 22, 2000 4:58 PM
To: VULN-DEV () SECURITYFOCUS COM
Subject: Red Hat 6.2's ftp segmentation fault

Hi, folks.

Look what I found this evening (Red Hat Linux 6.2, kernel 2.2.16):

[user@my /]$ rpm -q ftp
ftp-0.16-3
[user@my /]$ ftp host
Connected to host.
220 host FTP server (Version wu-2.6.0(1) Fri Oct 22 00:38:20 CDT 1999) ready.
Name (host:user): ftp
331 Guest login ok, send your complete e-mail address as password.
Password:
230 Guest login ok, access restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> put *
Segmentation fault (core dumped)
[user@my /]$ gdb ftp core
GNU gdb 19991004
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux"...
(no debugging symbols found)...
Core was generated by `ftp slackware'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/kerberos/lib/libgssapi_krb5.so.2...
(no debugging symbols found)...done.
Reading symbols from /usr/kerberos/lib/libkrb4.so.2...
(no debugging symbols found)...done.
Reading symbols from /usr/kerberos/lib/libkrb5.so.2...
(no debugging symbols found)...done.
Reading symbols from /usr/kerberos/lib/libdes425.so.3...
(no debugging symbols found)...done.
Reading symbols from /usr/kerberos/lib/libk5crypto.so.2...
(no debugging symbols found)...done.
Reading symbols from /usr/kerberos/lib/libcom_err.so.3...
(no debugging symbols found)...done.
Reading symbols from /lib/libutil.so.1...done.
Reading symbols from /lib/libcrypt.so.1...done.
Reading symbols from /lib/libresolv.so.2...done.
Reading symbols from /lib/libc.so.6...done.
Reading symbols from /lib/ld-linux.so.2...done.
Reading symbols from /lib/libnss_files.so.2...done.
Reading symbols from /lib/libnss_nisplus.so.2...done.
Reading symbols from /lib/libnsl.so.1...done.
Reading symbols from /lib/libnss_nis.so.2...done.
Reading symbols from /lib/libnss_dns.so.2...done.
#0 chunk_free (ar_ptr=0x401fbd60, p=0x8070a34) at malloc.c:3049
3049 malloc.c: No such file or directory.t malloc.c:3049
(gdb) where
#0 chunk_free (ar_ptr=0x401fbd60, p=0x8070a34) at malloc.c:3049
#1 0x40166fba in __libc_free (mem=0x8070a3c) at malloc.c:3023
#2 0x804d8a8 in strcpy () at ../sysdeps/generic/strcpy.c:30
#3 0x804b00a in strcpy () at ../sysdeps/generic/strcpy.c:30
#4 0x8055860 in login ()
#5 0x80555ac in login ()
#6 0x401259cb in __libc_start_main (main=0x80551c0 <login+24584>, argc=2,
   argv=0xbffffb44, init=0x8049aa0, fini=0x8057a0c <lstat+88>,
   rtld_fini=0x4000ae60 <_dl_fini>, stack_end=0xbffffb3c)
   at ../sysdeps/generic/libc-start.c:92

Any idea?

Yours,
Paulo Ribeiro.

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.2 for non-commercial use <http://www.pgp.com>

iQA/AwUBOVONhcm4FXxxREdXEQIplACfdUnqa0nokMhErT5Kxet8tFvLFCwAn1Sf
ldkdjmQ/vZjk7FvIHMVJSINH
=CnfU
-----END PGP SIGNATURE-----