Bugtraq mailing list archives

Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability
From: Brad <brad () comstyle com>
Date: Wed, 28 Nov 2001 20:15:33 -0500 (EST)

OpenBSD's ftpd exhibits the same behavior, 2.9-stable, 3.0-stable and

// Brad

brad () comstyle com
brad () openbsd org

The FreeBSD ftpd on at least FreeBSD 4.4 and FreeBSD 5.0-current does
not crash but simply provides a normal 'ls' output even though script0r
sees his Linux port of the (Open)BSD ftpd crashing.


script0r wrote:

                             Security Alert

Subject:      Wu-Ftpd File Globbing Heap Corruption Vulnerability
BUGTRAQ ID:   3581                   CVE ID:         CVE-MAP-NOMATCH
Published:    Nov 27, 2001           Updated:        Nov 28, 2001

Remote:       Yes                    Local:          No
Availability: Always                 Authentication: Not Required
Credibility:  Vendor Confirmed       Ease:           No Exploit Available
Class:        Failure to Handle Exceptional Conditions

Impact:   10.0           Severity: 10.0            Urgency:  8.2

Last Change:  Initial analysis.

I am running a Linux port of the BSD ftpd and it might be vulnerable to
a similar attack,

ftp localhost
Connected to localhost.
220 playlandFTP server (Version 6.5/OpenBSD, linux port 0.3.3) ready.
Name (localhost:user): ftp
331 Guest login ok, type your name as password.
230 Guest login ok, access restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls ~{
200 PORT command successful.
421 Service not available, remote server has closed connection

In inetd I find an error stating that the ftpd process has died unexpectedly

Nov 28 14:21:28 playland inetd[82]: pid 16341: exit signal 11
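
Added example, not part of the original thread: a small syslog filter that picks out inetd child deaths in the line format quoted above and keeps only crash-class signals. The function names and every sample line except the first are constructed for illustration.

```python
import re
from collections import Counter

# Signal numbers that are the same on Linux and the BSDs and that indicate
# a crash rather than an administrative kill.
CRASH_SIGNALS = {4: "SIGILL", 6: "SIGABRT", 8: "SIGFPE", 11: "SIGSEGV"}

# Matches the syslog line format shown in the post:
#   Nov 28 14:21:28 playland inetd[82]: pid 16341: exit signal 11
INETD_EXIT = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) inetd\[\d+\]: pid (?P<pid>\d+): exit signal (?P<sig>\d+)\s*$"
)

def parse_inetd_exit(line):
    """Return (timestamp, host, pid, signal) for an inetd child-death line, else None."""
    m = INETD_EXIT.match(line)
    if not m:
        return None
    return m["ts"], m["host"], int(m["pid"]), int(m["sig"])

def find_crashes(lines):
    """Return the crash events found in lines and a per-host count of them."""
    events = []
    for line in lines:
        parsed = parse_inetd_exit(line)
        if parsed and parsed[3] in CRASH_SIGNALS:
            ts, host, pid, sig = parsed
            events.append({"ts": ts, "host": host, "pid": pid,
                           "signal": CRASH_SIGNALS[sig]})
    return events, Counter(e["host"] for e in events)

SAMPLE_LOG = [
    "Nov 28 14:21:28 playland inetd[82]: pid 16341: exit signal 11",   # from the post
    "Nov 28 14:21:40 playland inetd[82]: pid 16350: exit signal 11",   # constructed
    "Nov 28 14:22:02 playland inetd[82]: pid 16352: exit signal 15",   # constructed
    "Nov 28 14:22:10 playland sshd[901]: Accepted password for user",  # constructed
]

if __name__ == "__main__":
    events, per_host = find_crashes(SAMPLE_LOG)
    for e in events:
        print(f'{e["ts"]} {e["host"]} pid={e["pid"]} died with {e["signal"]}')
    for host, n in per_host.items():
        print(f"{host}: {n} crashed inetd children")
```

The inetd line carries only the child pid, so tying a hit to ftpd means matching that pid against the ftpd entries logged for the same session.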
