Re: other services vulnerable to globbing exploit?
From: Kris Kennaway (kris@obsecurity.org)
Date: 04/24/01
Date: Tue, 24 Apr 2001 11:49:38 -0700
From: Kris Kennaway <kris@obsecurity.org>
To: djs@uscreativetypes.com
On Tue, Apr 24, 2001 at 08:42:41AM -0600, Jumpin Joe wrote:
> Greetings:
>
> I have followed with interest the recent exchanges about the ftpd
> globbing vulnerability. Below is a line from the logs of a certain site
> I host. The output looks very similar to the output I've seen shared
> here about how the vulnerability is exploited. Could this be an
> (attempt) to exploit the same vulnerability through httpd? And as
> always, can this even be considered an attack? My apache and bind are
> up to date and requests like this come through at a variable rate, have
> not crashed the service, but do seem to be increasing load and eating up
> bandwidth. Thanks in advance for your consideration.
This doesn't look like a globbing attempt, but other services
certainly could be vulnerable to the buffer overflow, since glob() is
in libc (this was noted in the advisory, I believe). Recompile libc
and any statically-linked servers, etc.
Kris
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
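Kris's advice to rebuild libc and relink any statically linked servers leaves the admin with one practical question: which binaries on the host actually embed their own copy of libc (and so their own glob()) and will not pick up a rebuilt shared library? The following is an added example, not code from this thread or from FreeBSD: a small Python ELF inspector that reads the ELF header and program headers and reports an executable as "static" when it has no PT_INTERP entry, since only a binary that names a runtime loader ever loads the shared libc. make_elf_sample() builds constructed, header-only images purely to exercise the classifier; find_static_executables() walks real directories you name.

```python
import os
import struct

PT_INTERP = 3            # program header that names the runtime loader (ld.so)
ET_EXEC, ET_DYN = 2, 3   # executable image / shared object (incl. PIE)


def classify_elf(data: bytes) -> str:
    """Return 'static', 'dynamic', 'other' (.o, core, truncated) or 'not-elf'.
    Only PT_INTERP binaries load the shared libc; the rest embed their own glob()."""
    if data[:4] != b"\x7fELF" or len(data) < 52:
        return "not-elf"
    is64 = data[4] == 2                        # EI_CLASS: 1 = ELF32, 2 = ELF64
    end = "<" if data[5] == 1 else ">"         # EI_DATA:  1 = LSB,   2 = MSB
    try:
        if struct.unpack_from(end + "H", data, 16)[0] not in (ET_EXEC, ET_DYN):
            return "other"
        phoff = struct.unpack_from(end + ("Q" if is64 else "I"), data, 32 if is64 else 28)[0]
        phentsize, phnum = struct.unpack_from(end + "HH", data, 54 if is64 else 42)
        for i in range(phnum):
            if struct.unpack_from(end + "I", data, phoff + i * phentsize)[0] == PT_INTERP:
                return "dynamic"
    except struct.error:
        return "other"                         # header or phdr table is truncated
    return "static"

def find_static_executables(roots):
    """Walk directories; return the statically linked ELF executables found."""
    hits = []
    for root in roots:
        for dirpath, _, names in os.walk(root):
            for path in (os.path.join(dirpath, n) for n in names):
                try:
                    if not os.path.islink(path) and os.path.isfile(path):
                        with open(path, "rb") as f:
                            if classify_elf(f.read()) == "static":
                                hits.append(path)
                except OSError:
                    pass                       # unreadable file: skip it
    return sorted(hits)

def make_elf_sample(is64: bool, lsb: bool, ptypes) -> bytes:
    """Constructed, non-runnable ELF image; exists only to exercise classify_elf()."""
    end, n = ("<" if lsb else ">"), len(ptypes)
    ident = b"\x7fELF" + bytes([2 if is64 else 1, 1 if lsb else 2, 1]) + b"\0" * 9
    if is64:  # 64-byte header followed by 56-byte program headers
        hdr = struct.pack(end + "HHIQQQIHHHHHH", ET_EXEC, 0, 1, 0, 64, 0, 0, 64, 56, n, 0, 0, 0)
        return ident + hdr + b"".join(struct.pack(end + "IIQQQQQQ", t, *[0] * 7) for t in ptypes)
    hdr = struct.pack(end + "HHIIIIIHHHHHH", ET_EXEC, 0, 1, 0, 52, 0, 0, 52, 32, n, 0, 0, 0)
    return ident + hdr + b"".join(struct.pack(end + "IIIIIIII", t, *[0] * 7) for t in ptypes)
```

Running find_static_executables(["/usr/sbin", "/usr/local/sbin"]) after the libc rebuild gives the list of daemons that still need to be relinked; a static-PIE binary also shows up as "static", which is correct since it too carries its own libc.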