Home page logo

bugtraq logo Bugtraq mailing list archives

RE: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability
From: "Sandor W. Sklar" <ssklar () stanford edu>
Date: Thu, 29 Nov 2001 10:27:47 -0800

just to help complete the list of "ok"/"not ok" systems, neither the
AIX 4.3.3-ML08 ftpd daemon nor the Mac OS X 10.1.1/Darwin 5.1 ftpd
daemon  appear to be vulnerable.

At 5:46 PM +0100 11/29/01, Junius, Martin wrote:

I just did some tests with RedHat 7.2, glibc-2.2.4-19, and ftpd-BSD-0.3.2.
"ls ~{" makes the ftpd process die in glibc´s glob(pattern="~{", ...)
function with a SEGV. Beside that ftpd-BSD uses globfree() to release
the memory. So as long as glibc's glob() is safe, ftpd-BSD *should*
be safe against this exploit.

On RedHat 6.2, glibc-2.1.3-22, "ls ~{" simply returns "No such file
or directory".


  Sandor W. Sklar  -  Unix Systems Administrator  -  Stanford University ITSS
  Non impediti ratione cogitationis.   <http://whippet.stanford.edu/~ssklar/>

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]