Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability
From: Todd C. Miller (Todd.Miller@courtesan.com)Date: 11/29/01
- Previous message: Immunix Security Team: "Immunix OS 7.0 wu-ftpd update"
- In reply to: script0r: "Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability"
- Next in thread: GiulioMaria Fontana: "Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability"
- Next in thread: Junius, Martin: "RE: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-Id: <200111290318.fAT3I77q013615@xerxes.courtesan.com> To: "script0r" <script0r@axenet.org> Subject: Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability Date: Wed, 28 Nov 2001 20:18:07 -0700 From: "Todd C. Miller" <Todd.Miller@courtesan.com>
In message <35684.24.51.95.122.1006990579.squirrel@mail.axenet.org>
so spake "script0r" (script0r):
> I am running the a linux port of the bsd ftpd and it might be vulnerable to
> a similar attack,
It depends entirely on your glob(3) implementation since unlike
wu-ftpd, any port of the OpenBSD ftpd that doesn't include a private
glob.c will just use the one in your own libc.
We fixed a bunch of potential glob(3) problems in OpenBSD's glob.c
a while ago (though there may be more lurking--that is nasty code!).
- todd
- Previous message: Immunix Security Team: "Immunix OS 7.0 wu-ftpd update"
- In reply to: script0r: "Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability"
- Next in thread: GiulioMaria Fontana: "Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability"
- Next in thread: Junius, Martin: "RE: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
