Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability

From: David Brownlee (abs@formula1.com)
Date: 11/29/01


Date: Thu, 29 Nov 2001 12:27:11 +0000 (GMT)
From: David Brownlee <abs@formula1.com>
To: Andre Oppermann <oppermann@pipeline.ch>
Subject: Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption  Vulnerability
Message-ID: <Pine.NEB.4.40.0111291224130.354-100000@odysseus.mono.org>


        Can confirm 'ls ~{' runs without problem by ftp on NetBSD
        1.5.2, 1.4.1, and 1.3.2 systems.

-- 
		David/absolute		abs@formula1.com

On Thu, 29 Nov 2001, Andre Oppermann wrote:

> > The FreeBSD ftpd on at least FreeBSD 4.4 and FreeBSD 5.0-current does > not crash but simply provides a normal 'ls' output even though script0r > sees his Linux port of the (Open)BSD ftpd crashing.



Relevant Pages