[23563] in bugtraq
Re: ProFTPD - Problems in file globbing, gives segmentation fault.
daemon@ATHENA.MIT.EDU (Rink Springer)
Wed Dec 19 18:20:13 2001
Message-ID: <000d01c188b5$a8078dd0$0400000a@aurum>
From: "Rink Springer" <rink@rink.nu>
To: <bugtraq@securityfocus.com>
Date: Wed, 19 Dec 2001 18:50:33 +0100
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
ProFTPd 1.2.4 on FreeBSD 4.4-RELEASE gives this in /var/log/messages:
----
Dec 19 17:49:16 thallium proftpd
Dec 19 17:49:16 thallium in free():
Dec 19 17:49:16 thallium warning:
Dec 19 17:49:16 thallium junk pointer, too high to make sense.
----
Repeated a douzen times... the FTP daemon does not crash, however.
--Rink
> On Wed, Dec 19, 2001 at 02:22:40PM +0100, Mattias _ wrote:
> > 1.2.4 (but it's fixed in the Candidate version: 1.2.5rc1). This
> > is very similar to the wu-ftpd bug ("ls ~{") and occurs when you issue
> > the command: ls /////////// (11 or more '/'). I haven't figured out if
> > it's exploitable. That's why I post it to you guys. :-)
> >
> > AFFECTED VERSIONS
> > =================
> > ProFTPD 1.2.4
> > ProFTPD 1.2.2rc3
> > (Others may be affected as well.)
> >
> > SYSTEMS
> > =======
> > This is tested on Slackware 8.
