|
Vulnerability Development
mailing list archives
Re: BUG in ftp client on *BSD and Solaris system?
From: T0aD <toad () skreel org>
Date: Sat, 1 Jun 2002 05:09:31 +0200
Hello
Apparently this aint no 'security bug' in here.
The shell prints out this string to notice user he's
quitting job or process while sending a signal with Ctrl + 4 ('^\'),
a signal also known as SIGQUIT (signal 3)
from man signal:
SIGQUIT create core image quit program
Oh well yeah under linux it doesnt seem to print anything except while playin'
around (talking about bash, the default shell):
(nofuture)$ read &
[1] 1678
(nofuture)$ kill -QUIT 1678
[1]+ Stopped read
(nofuture)$ fg
read
Quit <-- i let you guess if it means its 'vulnerable'..
(nofuture)$
-- toad wastin' time
Still unpatched:
- some brains
On Fri, 31 May 2002 21:36:55 +0200
Admin <admin () www dragonlance eu org> wrote:
Hello all,
in these days I got a strange core dump using the ftp client.
This core dump can only did by using the PUTTY ssh client...
(Tested with putty 0.52)
>root () Wayreth[~]: ftp ftp.unina.it
>Connected to ftp.unina.it.
>220
>Name (ftp.unina.it:root): ^\Quit (core dumped)
>root () Wayreth[~]:
for do that, just push CTRL+รน when the user is requested...
Tested system:
-OpenBSD 3.1
-OpenBSD 3.0
-OpenBSD 2.9
-FreeBSD 4.4-RC5
-FreeBSD 4.5-STABLE
-FreeBSD kalieye 4.6-RC FreeBSD 4.6-RC
-SunOS XXXXX 5.6 Generic_105181-30 sun4u sparc SUNW,Ultra-Enterprise
-SunOS XXXXX 5.6 Generic_105182-30 i86pc i386 i86pc
Not vulnerable:
-Linux
This bug haven't any security issue, it's only a client and not with the
+s flag. In these day I haven't the time to check the source code for
see what's is wrong, I will did it in some days...
Agazzini Maurizio
admin () www dragonlance eu org
 By Date 
By Thread
Current thread:
- Re: BUG in ftp client on *BSD and Solaris system?, (continued)
|
Intro
