Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability
From: Fyodor (fygrave@tigerteam.net)Date: 11/29/01
- Previous message: Indigo: "comphack - Compaq Insight Manager Remote SYSTEM shell"
- In reply to: Brad: "Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability"
- Next in thread: David Brownlee: "Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 30 Nov 2001 00:40:51 +0700 From: Fyodor <fygrave@tigerteam.net> To: Brad <brad@comstyle.com> Subject: Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability Message-ID: <20011130004051.H29550@tigerteam.net>
On Wed, Nov 28, 2001 at 08:15:33PM -0500, Brad wrote:
> OpenBSD's ftpd exhibits the same behavior, 2.9-stable, 3.0-stable and
> -current.
>
Due to OpenBSD specific malloc implementation (they keep allocated pageinfo
structs separately from allocated chunks, which could be affected
externally) this bug doesn't seem to be exploitable on OpenBSD though.
(wish it could be;-))
-F
-- http://www.notlsd.net PGP fingerprint = 56DD 1511 DDDA 56D7 99C7 B288 5CE5 A713 0969 A4D1
- Previous message: Indigo: "comphack - Compaq Insight Manager Remote SYSTEM shell"
- In reply to: Brad: "Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability"
- Next in thread: David Brownlee: "Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
