[23319] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: ALERT BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability

daemon@ATHENA.MIT.EDU (Fyodor)
Thu Nov 29 18:10:07 2001

Date: Fri, 30 Nov 2001 00:40:51 +0700
From: Fyodor <fygrave@tigerteam.net>
To: Brad <brad@comstyle.com>
Cc: bugtraq@securityfocus.com
Message-ID: <20011130004051.H29550@tigerteam.net>
Mail-Followup-To: Brad <brad@comstyle.com>, bugtraq@securityfocus.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <Pine.BSO.4.42.0111282012180.14075-100000@ss5.comstyle.com>; from brad@comstyle.com on Wed, Nov 28, 2001 at 08:15:33PM -0500

On Wed, Nov 28, 2001 at 08:15:33PM -0500, Brad wrote:
> OpenBSD's ftpd exhibits the same behavior, 2.9-stable, 3.0-stable and
> -current.
> 

Due to OpenBSD specific malloc implementation (they keep allocated pageinfo
structs separately from allocated chunks, which could be affected
externally) this bug doesn't seem to be exploitable on OpenBSD though.

(wish it could be;-))

-F
-- 
http://www.notlsd.net
PGP fingerprint = 56DD 1511 DDDA 56D7 99C7  B288 5CE5 A713 0969 A4D1


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[23319] in bugtraq

Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability

daemon@ATHENA.MIT.EDU (Fyodor)Thu Nov 29 18:10:07 2001

Re: ALERT BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability

daemon@ATHENA.MIT.EDU (Fyodor)
Thu Nov 29 18:10:07 2001