Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability
From: Andre Oppermann (oppermann@pipeline.ch)Date: 11/29/01
- Previous message: Mark Canter: "WU-FTPD 2.6.1 diff glob.c patch"
- In reply to: script0r: "Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability"
- Next in thread: Brad: "Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability"
- Next in thread: Todd C. Miller: "Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability"
- Reply: Brad: "Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability"
- Reply: David Brownlee: "Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <3C057A82.C2258A6E@pipeline.ch> Date: Thu, 29 Nov 2001 01:00:03 +0100 From: Andre Oppermann <oppermann@pipeline.ch> To: script0r <script0r@axenet.org> Subject: Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability
The FreeBSD ftpd on at least FreeBSD 4.4 and FreeBSD 5.0-current does
not crash but simply provides a normal 'ls' output even though script0r
sees his Linux port of the (Open)BSD ftpd crashing.
-- Andrescript0r wrote: > > > > > -------------------------------------------------------------------------- > - > > Security Alert > > > > Subject: Wu-Ftpd File Globbing Heap Corruption Vulnerability > > BUGTRAQ ID: 3581 CVE ID: CVE-MAP-NOMATCH > > Published: Nov 27, 2001 Updated: Nov 28, 2001 > > 01:12:56 > > > > Remote: Yes Local: No > > Availability: Always Authentication: Not Required > > Credibility: Vendor Confirmed Ease: No Exploit > > Available Class: Failure to Handle Exceptional Conditions > > > > Impact: 10.0 Severity: 10.0 Urgency: 8.2 > > > > Last Change: Initial analysis. > > -------------------------------------------------------------------------- > > I am running the a linux port of the bsd ftpd and it might be vulnerable to > a similar attack, > > ftp localhost > Connected to localhost. > 220 playlandFTP server (Version 6.5/OpenBSD, linux port 0.3.3) ready. > Name (localhost:user): ftp > 331 Guest login ok, type your name as password. > Password: > 230 Guest login ok, access restrictions apply. > Remote system type is UNIX. > Using binary mode to transfer files. > ftp> ls ~{ > 200 PORT command successful. > 421 Service not available, remote server has closed connection > > in inetd I find an error stating that the ftpd process has died unexpectedly > > Nov 28 14:21:28 playland inetd[82]: pid 16341: exit signal 11
- Previous message: Mark Canter: "WU-FTPD 2.6.1 diff glob.c patch"
- In reply to: script0r: "Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability"
- Next in thread: Brad: "Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability"
- Next in thread: Todd C. Miller: "Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability"
- Reply: Brad: "Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability"
- Reply: David Brownlee: "Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
