[23328] in bugtraq
Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability
daemon@ATHENA.MIT.EDU (Rick Kelly)
Fri Nov 30 11:02:24 2001
From: Rick Kelly <rmk@toad.rmkhome.com>
Message-Id: <200111300007.fAU07Kv05883@toad.rmkhome.com>
In-Reply-To: <Pine.NEB.4.40.0111291224130.354-100000@odysseus.mono.org> from
David Brownlee at "Nov 29, 2001 12:27:11 pm"
To: David Brownlee <abs@formula1.com>
Date: Thu, 29 Nov 2001 17:07:19 -0700 (MST)
Cc: Andre Oppermann <oppermann@pipeline.ch>, script0r <script0r@axenet.org>,
bugtraq@securityfocus.com
Reply-To: rmk@rmkhome.com
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
David Brownlee said:
> Can confirm 'ls ~{' runs without problem by ftp on NetBSD
> 1.5.2, 1.4.1, and 1.3.2 systems.
ftp.rmkhome.com is NetBSD/i386 1.4.1 with wuftpd 2.6.1
I applied the patches from the wuftpd ftp site.
This is what I see now:
/home/rmk> ftp ftp.rmkhome.com
Connected to tencats.rmkhome.com.
220 tencats.rmkhome.com FTP server (Version wu-2.6.1(3) Thu Nov 29 14:15:29 MST 2001) ready.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls ~{
500 'EPSV': command not understood.
227 Entering Passive Mode (216,17,154,228,54,106)
550 Missing }
ftp>
Looks good to me.
--
Rick Kelly rmk@rmkhome.com www.rmkhome.com
