mailing list archives
Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability
From: "Todd C. Miller" <Todd.Miller () courtesan com>
Date: Wed, 28 Nov 2001 20:18:07 -0700
In message <35618.104.22.168.122.1006990579.squirrel () mail axenet org>
so spake "script0r" (script0r):
I am running the a linux port of the bsd ftpd and it might be vulnerable to
a similar attack,
It depends entirely on your glob(3) implementation since unlike
wu-ftpd, any port of the OpenBSD ftpd that doesn't include a private
glob.c will just use the one in your own libc.
We fixed a bunch of potential glob(3) problems in OpenBSD's glob.c
a while ago (though there may be more lurking--that is nasty code!).