Re: ISSalert: ISS Security Alert: WU-FTPD Heap Corruption Vulnerability (fwd)

From: Krzysztof Zaraska (kzaraska@student.uci.agh.edu.pl)
Date: 11/30/01

• Next message: Fernanda: "Sites feitos para gerar negócios"
• Previous message: Erick Mechler: "Re: sshd exploit"
• In reply to: Konrad Heuer: "ISSalert: ISS Security Alert: WU-FTPD Heap Corruption Vulnerability (fwd)"
• Next in thread: Jason Hunt: "Re: ISSalert: ISS Security Alert: WU-FTPD Heap Corruption Vulnerability (fwd)"
• Reply: Jason Hunt: "Re: ISSalert: ISS Security Alert: WU-FTPD Heap Corruption Vulnerability (fwd)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 30 Nov 2001 11:11:38 +0100
From: Krzysztof Zaraska <kzaraska@student.uci.agh.edu.pl>
To: "Konrad Heuer" <kheuer@gwdu60.gwdg.de>

On Fri, 30 Nov 2001 09:53:13 +0100 (CET) Konrad Heuer wrote:

> Any opinions whether wu-ftpd on FreeBSD is vulnerable too? To my mind,
it
> seems so.
The advisory by Dave Ahmad/Securityfocus.com (see BUGTRAQ archives) says
that you can check if you are vulnerable by logging into FTP server and
doing
ftp> ls ~{
if this segfaults, you are vulnerable.

I don't have any machine running wu-ftpd at hand, unfortunately.

The diffs from Red Hat patch were already published on this list.

Regards,
Krzysztof

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

• Next message: Fernanda: "Sites feitos para gerar negócios"
• Previous message: Erick Mechler: "Re: sshd exploit"
• In reply to: Konrad Heuer: "ISSalert: ISS Security Alert: WU-FTPD Heap Corruption Vulnerability (fwd)"
• Next in thread: Jason Hunt: "Re: ISSalert: ISS Security Alert: WU-FTPD Heap Corruption Vulnerability (fwd)"
• Reply: Jason Hunt: "Re: ISSalert: ISS Security Alert: WU-FTPD Heap Corruption Vulnerability (fwd)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Quick n Easy FTP Server pro/lite Logging unicode stack overflow ... Logging unicode stack overflow ... Quick 'n Easy FTP Server is a simple and handy FTP server which is ... (Bugtraq) Re: accessing multiple folde using FTP Sever ... But when I'm logging with different user, I 'm getting access to only "temp" ... FTP Server code is public if you really need to dig into this, ... ; @CESYSGEN ENDIF SERVERS_MODULES_SERVICES ... (microsoft.public.windowsce.embedded) Re: FTP monitoring ... >> I am transfering many files to a FTP server and logging its output. ... >> For the purpose of a script I need to obtain only the filename that is ... (comp.unix.shell) =?ISO-8859-1?Q?Re:_Why_does_MAXPROCUSER_not_limit_the_number_of_FTP_sessions=3F?= ... The FTP server actually starts a new process running under the userid of the ... under the ID of the person logging in. ... For IBM-MAIN subscribe / signoff / archive access instructions, ... send email to listserv@xxxxxxxxxxx with the message: GET IBM-MAIN INFO ... (bit.listserv.ibm-main) RE: natted ftp server ... What FTP server are you running? ... Some allow you to specify an external IP ... 'pasv_ports x-y z' - x-y being a range or z being a single port. ... > questions@freebsd.org] On Behalf Of dave ... (freebsd-questions)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint