Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability
From: Rick Kelly (rmk@toad.rmkhome.com)Date: 11/30/01
- Previous message: James Hollingshead: "Alert: Vulnerability in frox transparent ftp proxy."
- In reply to: David Brownlee: "Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability"
- Next in thread: Todd C. Miller: "Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Rick Kelly <rmk@toad.rmkhome.com> Message-Id: <200111300007.fAU07Kv05883@toad.rmkhome.com> Subject: Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability To: David Brownlee <abs@formula1.com> Date: Thu, 29 Nov 2001 17:07:19 -0700 (MST)
David Brownlee said:
> Can confirm 'ls ~{' runs without problem by ftp on NetBSD
> 1.5.2, 1.4.1, and 1.3.2 systems.
ftp.rmkhome.com is NetBSD/i386 1.4.1 with wuftpd 2.6.1
I applied the patches from the wuftpd ftp site.
This is what I see now:
/home/rmk> ftp ftp.rmkhome.com
Connected to tencats.rmkhome.com.
220 tencats.rmkhome.com FTP server (Version wu-2.6.1(3) Thu Nov 29 14:15:29 MST 2001) ready.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls ~{
500 'EPSV': command not understood.
227 Entering Passive Mode (216,17,154,228,54,106)
550 Missing }
ftp>
Looks good to me.
-- Rick Kelly rmk@rmkhome.com www.rmkhome.com
- Previous message: James Hollingshead: "Alert: Vulnerability in frox transparent ftp proxy."
- In reply to: David Brownlee: "Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability"
- Next in thread: Todd C. Miller: "Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
