[23316] in bugtraq
RE: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption
daemon@ATHENA.MIT.EDU (Sandor W. Sklar)
Thu Nov 29 16:19:43 2001
Mime-Version: 1.0
Message-Id: <p0510100fb82c2e124b68@[171.66.201.10]>
In-Reply-To: <21380A50AB13D511A16200034723355C8F3176@G8PNU>
Date: Thu, 29 Nov 2001 10:27:47 -0800
To: BUGTRAQ@securityfocus.com
From: "Sandor W. Sklar" <ssklar@stanford.edu>
Content-Type: text/plain; charset="iso-8859-1" ; format="flowed"
Content-Transfer-Encoding: 8bit
just to help complete the list of "ok"/"not ok" systems, neither the
AIX 4.3.3-ML08 ftpd daemon nor the Mac OS X 10.1.1/Darwin 5.1 ftpd
daemon appear to be vulnerable.
At 5:46 PM +0100 11/29/01, Junius, Martin wrote:
>
>
>I just did some tests with RedHat 7.2, glibc-2.2.4-19, and ftpd-BSD-0.3.2.
>"ls ~{" makes the ftpd process die in glibc´s glob(pattern="~{", ...)
>function with a SEGV. Beside that ftpd-BSD uses globfree() to release
>the memory. So as long as glibc's glob() is safe, ftpd-BSD *should*
>be safe against this exploit.
>
>On RedHat 6.2, glibc-2.1.3-22, "ls ~{" simply returns "No such file
>or directory".
>
>Martin
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Sandor W. Sklar - Unix Systems Administrator - Stanford University ITSS
Non impediti ratione cogitationis. <http://whippet.stanford.edu/~ssklar/>
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
