[23301] in bugtraq


Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability

daemon@ATHENA.MIT.EDU (Todd C. Miller)
Wed Nov 28 23:09:13 2001

Message-Id: <200111290318.fAT3I77q013615@xerxes.courtesan.com>
To: "script0r" <script0r@axenet.org>
Cc: bugtraq@securityfocus.com
In-reply-to: Your message of "Wed, 28 Nov 2001 18:36:19 EST."
             <35684.24.51.95.122.1006990579.squirrel@mail.axenet.org> 
Date: Wed, 28 Nov 2001 20:18:07 -0700
From: "Todd C. Miller" <Todd.Miller@courtesan.com>

In message <35684.24.51.95.122.1006990579.squirrel@mail.axenet.org>
	so spake "script0r" (script0r):

> I am running a Linux port of the BSD ftpd and it might be vulnerable to
> a similar attack,

It depends entirely on your glob(3) implementation since unlike
wu-ftpd, any port of the OpenBSD ftpd that doesn't include a private
glob.c will just use the one in your own libc.

We fixed a bunch of potential glob(3) problems in OpenBSD's glob.c
a while ago (though there may be more lurking--that is nasty code!).

 - todd
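
Added example, not part of the original message or of any ftpd project: one way to check whether a given ftpd binary imports glob() from the system libc or carries its own copy, by classifying `nm` output. The function names and the sample symbol listings are constructed for illustration.

```sh
#!/bin/sh
# glob_source reads nm-style lines on stdin ("[addr] TYPE name") and prints:
#   libc     - glob is an undefined (U) import, resolved from the system libc
#   private  - glob is defined (T/t) inside the binary itself (bundled glob.c)
#   unknown  - no glob symbol seen (stripped binary, or a differently named copy)
glob_source() {
    awk '
        NF < 2 { next }                       # skip blank or malformed lines
        {
            type = $(NF-1); name = $NF
            sub(/@.*/, "", name)              # drop symbol version suffix
            if (name != "glob" && name != "glob64") next
            if (type == "U") imported = 1
            else if (type ~ /^[Tt]$/) defined = 1
        }
        END {
            if (defined) print "private"
            else if (imported) print "libc"
            else print "unknown"
        }'
}

# check_binary (hypothetical helper): feed both the dynamic and the regular
# symbol table of a real binary to glob_source.
check_binary() {
    { nm -D "$1" 2>/dev/null; nm "$1" 2>/dev/null; } | glob_source
}

# Constructed sample listings (not taken from any real binary).
SAMPLE_LIBC='                 U getpwnam@GLIBC_2.2.5
                 U glob@GLIBC_2.27
                 U globfree@GLIBC_2.2.5'
SAMPLE_PRIVATE='0000000000409a10 T ftpd_main
000000000040c3f0 T glob
000000000040d120 T globfree'

printf '%s\n' "$SAMPLE_LIBC"    | glob_source   # libc
printf '%s\n' "$SAMPLE_PRIVATE" | glob_source   # private
```

A result of "libc" means the fix has to come from the libc vendor; "unknown" on a stripped binary means the source or build files have to be checked for a bundled glob.c instead.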
