[20151] in bugtraq
Re: [COVERT-2001-02] Globbing Vulnerabilities in Multiple FTP
daemon@ATHENA.MIT.EDU (Mike Gleason)
Wed Apr 11 04:11:32 2001
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature";
micalg=SHA1; boundary="----=_NextPart_000_0037_01C0C1B7.878A0800"
Message-ID: <LIEKIDAGFCIEBCFKIEIECEANCLAA.mgleason@ncftp.com>
Date: Tue, 10 Apr 2001 12:13:17 -0500
Reply-To: Mike Gleason <mgleason@NCFTP.COM>
From: Mike Gleason <mgleason@NCFTP.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <01C0C128.C452FEC0@w240.z064220178.sjc-ca.dsl.cnc.net>
This is a multi-part message in MIME format.
------=_NextPart_000_0037_01C0C1B7.878A0800
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
NcFTPd Server for UNIX from NcFTP Software is not vulnerable to the
pathname globbing buffer overflow described by NAI COVERT Labs advisory
(COVERT-2001-02) (which is also documented in CERT Advisory CA-2001-07).
Additionally, NcFTPd Server is not vulnerable to the globbing
denial-of-service bug mentioned recently (March 16) on BUGTRAQ.
Mike Gleason
NcFTP Software
http://www.NcFTP.com
(I apologize in advance if this message does not display correctly - I
disabled HTML mail format in Microsoft Outlook so hopefully there will
be no problems.)
------=_NextPart_000_0037_01C0C1B7.878A0800
Content-Type: application/x-pkcs7-signature;
name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="smime.p7s"
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIFrzCCAn4w
ggHnoAMCAQICAwST1TANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdl
c3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMQ8wDQYDVQQKEwZUaGF3dGUxHTAbBgNVBAsT
FENlcnRpZmljYXRlIFNlcnZpY2VzMSgwJgYDVQQDEx9QZXJzb25hbCBGcmVlbWFpbCBSU0EgMjAw
MC44LjMwMB4XDTAxMDQxMDEzMTMxN1oXDTAyMDQxMDEzMTMxN1owRDEfMB0GA1UEAxMWVGhhd3Rl
IEZyZWVtYWlsIE1lbWJlcjEhMB8GCSqGSIb3DQEJARYSbWdsZWFzb25AbmNmdHAuY29tMIGfMA0G
CSqGSIb3DQEBAQUAA4GNADCBiQKBgQCw0Uy5+Lix3tw/FEDlF5K49/JSrSM99wwh2ErcGYVSrYFJ
mAYIX2z1MRV/RBK+HzO72UwORZD5VBAdc1JV1Za2/Q13dMTkOLixj476/F2jWG3CIEgBKqZooNgY
7Gmqgq1P9KfBdWfNFBkZcOrNmaJLhg3nu4pefk4VknbpCr4A+QIDAQABoy8wLTAdBgNVHREEFjAU
gRJtZ2xlYXNvbkBuY2Z0cC5jb20wDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQQFAAOBgQA5w3nD
P3Prd2Luyr5IFCVRDIbeuzlftDfKzrrCpNfeIavVlRkkGedT1cF1TSSzT0FPZpRSDzJwKSneM1zz
O4Bf1mRkM611WAgY6peYpoZXqxLM7tdqt/o3f0EAkIfTTSDlNts7BNdNlwDFM4C24FYEnez+WpGk
FZ1HrfBlK1l/FjCCAykwggKSoAMCAQICAQwwDQYJKoZIhvcNAQEEBQAwgdExCzAJBgNVBAYTAlpB
MRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEaMBgGA1UEChMRVGhh
d3RlIENvbnN1bHRpbmcxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2aXNpb24x
JDAiBgNVBAMTG1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBDQTErMCkGCSqGSIb3DQEJARYccGVy
c29uYWwtZnJlZW1haWxAdGhhd3RlLmNvbTAeFw0wMDA4MzAwMDAwMDBaFw0wMjA4MjkyMzU5NTla
MIGSMQswCQYDVQQGEwJaQTEVMBMGA1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRv
d24xDzANBgNVBAoTBlRoYXd0ZTEdMBsGA1UECxMUQ2VydGlmaWNhdGUgU2VydmljZXMxKDAmBgNV
BAMTH1BlcnNvbmFsIEZyZWVtYWlsIFJTQSAyMDAwLjguMzAwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
MIGJAoGBAN4zMqZjxwklRT7SbngnZ4HF2ogZgpcO40QpimM1Km1wPPrcrvfudG8wvDOQf/k0caCj
bZjxw0+iZdsN+kvx1t1hpfmFzVWaNRqdknWoJ67Ycvm6AvbXsJHeHOmr4BgDqHxDQlBRh4M88Dm0
m1SKE4f/s5udSWYALQmJ7JRr6aFpAgMBAAGjTjBMMCkGA1UdEQQiMCCkHjAcMRowGAYDVQQDExFQ
cml2YXRlTGFiZWwxLTI5NzASBgNVHRMBAf8ECDAGAQH/AgEAMAsGA1UdDwQEAwIBBjANBgkqhkiG
9w0BAQQFAAOBgQBzG28mZYv/FTRLWWKK7US+ScfoDbuPuQ1qJipihB+4h2N0HG23zxpTkUvhzeY4
2e1Q9DpsNJKs5pKcbsEjAcIJp+9LrnLdBmf1UG8uWLi2C8FQV7XsHNfvF7bViJu3ooga7TlbOX00
/LaWGCVNavSdxcORL6mWuAU8Uvzd6WIDSDGCAsgwggLEAgEBMIGaMIGSMQswCQYDVQQGEwJaQTEV
MBMGA1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xDzANBgNVBAoTBlRoYXd0
ZTEdMBsGA1UECxMUQ2VydGlmaWNhdGUgU2VydmljZXMxKDAmBgNVBAMTH1BlcnNvbmFsIEZyZWVt
YWlsIFJTQSAyMDAwLjguMzACAwST1TAJBgUrDgMCGgUAoIIBgzAYBgkqhkiG9w0BCQMxCwYJKoZI
hvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0wMTA0MTAxNzEyMzZaMCMGCSqGSIb3DQEJBDEWBBTrYPL3
4dhb0aMquF1qJZLBKHPyyDB2BgkqhkiG9w0BCQ8xaTBnMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMC
AgIAgDAHBgUrDgMCBzAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDAHBgUrDgMCGjAHBgUrDgMCGjAK
BggqhkiG9w0CBTAKBggqhkiG9w0CBTCBqwYJKwYBBAGCNxAEMYGdMIGaMIGSMQswCQYDVQQGEwJa
QTEVMBMGA1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xDzANBgNVBAoTBlRo
YXd0ZTEdMBsGA1UECxMUQ2VydGlmaWNhdGUgU2VydmljZXMxKDAmBgNVBAMTH1BlcnNvbmFsIEZy
ZWVtYWlsIFJTQSAyMDAwLjguMzACAwST1TANBgkqhkiG9w0BAQEFAASBgBqhCcaPKBNM0svrXZ38
5fI3qRAcYunl2fqPE89w5jSBG1coF9xifuEpsqxKQjJhXr2QMOtGs4PJO2/50jRukFF8YZ9AOB8d
eYlLxYMY1BfnvlPOwydPrzm5IxU6NyDIuEtHE67D0e7isCf9z7dtsYhAAQaOs9UxMhZVpWJcWW2n
AAAAAAAA
------=_NextPart_000_0037_01C0C1B7.878A0800--
