Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability
From: Flavio Veloso <flaviovs () magnux com>
Date: Thu, 29 Nov 2001 09:32:33 -0200 (BRST)

On Wed, 28 Nov 2001, script0r wrote:

Subject:      Wu-Ftpd File Globbing Heap Corruption Vulnerability
   (...)
I am running the a linux port of the bsd ftpd and it might be vulnerable to
a similar attack,

ftp localhost
Connected to localhost.
220 playlandFTP server (Version 6.5/OpenBSD, linux port 0.3.3) ready.
Name (localhost:user): ftp
331 Guest login ok, type your name as password.
Password:
230 Guest login ok, access restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls ~{
200 PORT command successful.
421 Service not available, remote server has closed connection

in inetd I find an error stating that the ftpd process has died unexpectedly

Nov 28 14:21:28 playland inetd[82]: pid 16341: exit signal 11

This may not be related to the wu-ftpd bug. I was just experiencing
the same problem here, but further investigation showed up that it was
due a bug in the glibc implementation of glob(3) (not exploitable,
AFAICT).

See http://sources.redhat.com/ml/bug-glibc/2001-11/msg00109.html for
details.

-- 
Flávio


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]