[23557] in bugtraq
Re: ProFTPD - Problems in file globbing, gives segmentation fault.
daemon@ATHENA.MIT.EDU (Edsel Adap)
Wed Dec 19 14:42:35 2001
Date: Wed, 19 Dec 2001 11:25:59 -0500
From: Edsel Adap <edsel@adap.org>
To: Mattias _ <surre1@hotmail.com>
Cc: bugtraq@securityfocus.com
Message-ID: <20011219112559.D7038@adap.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <F123FJMf8Tm3v640Za0000006ea@hotmail.com>; from surre1@hotmail.com on Wed, Dec 19, 2001 at 02:22:40PM +0100
On Wed, Dec 19, 2001 at 02:22:40PM +0100, Mattias _ wrote:
> 1.2.4 (but it’s fixed in the Candidate version: 1.2.5rc1). This
> is very similar to the wu-ftpd bug (“ls ~{”) and occurs when you issue
> the command: ls /////////// (11 or more ‘/’). I haven’t figured out if
> it’s exploitable. That’s why I post it to you guys. :-)
>
> AFFECTED VERSIONS
> =================
> ProFTPD 1.2.4
> ProFTPD 1.2.2rc3
> (Others may be affected as well.)
>
> SYSTEMS
> =======
> This is tested on Slackware 8.
I tested this on Debian 2.2 with proftpd 1.2.0pre10 and it doesn't seem
to be vulnerable.
