Home page logo

bugtraq logo Bugtraq mailing list archives

Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability
From: "Todd C. Miller" <Todd.Miller () courtesan com>
Date: Wed, 28 Nov 2001 20:18:07 -0700

In message <35684. () mail axenet org>
        so spake "script0r" (script0r):

I am running the a linux port of the bsd ftpd and it might be vulnerable to
a similar attack,

It depends entirely on your glob(3) implementation since unlike
wu-ftpd, any port of the OpenBSD ftpd that doesn't include a private
glob.c will just use the one in your own libc.

We fixed a bunch of potential glob(3) problems in OpenBSD's glob.c
a while ago (though there may be more lurking--that is nasty code!).

 - todd

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]