[23302] in bugtraq


Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption

daemon@ATHENA.MIT.EDU (Brad)
Wed Nov 28 23:09:45 2001

Date: Wed, 28 Nov 2001 20:15:33 -0500 (EST)
From: Brad <brad@comstyle.com>
To: bugtraq@securityfocus.com
In-Reply-To: <3C057A82.C2258A6E@pipeline.ch>
Message-ID: <Pine.BSO.4.42.0111282012180.14075-100000@ss5.comstyle.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

OpenBSD's ftpd exhibits the same behavior, 2.9-stable, 3.0-stable and
-current.

// Brad

brad@comstyle.com
brad@openbsd.org

>The FreeBSD ftpd on at least FreeBSD 4.4 and FreeBSD 5.0-current does
>not crash but simply provides a normal 'ls' output even though script0r
>sees his Linux port of the (Open)BSD ftpd crashing.
>
>--
>Andre
>
>
>script0r wrote:
>>
>> >
>> > ---------------------------------------------------------------------------
>> >                              Security Alert
>> >
>> > Subject:      Wu-Ftpd File Globbing Heap Corruption Vulnerability
>> > BUGTRAQ ID:   3581                   CVE ID:         CVE-MAP-NOMATCH
>> > Published:    Nov 27, 2001           Updated:        Nov 28, 2001 01:12:56
>> >
>> > Remote:       Yes                    Local:          No
>> > Availability: Always                 Authentication: Not Required
>> > Credibility:  Vendor Confirmed       Ease:           No Exploit Available
>> > Class:        Failure to Handle Exceptional Conditions
>> >
>> > Impact:   10.0           Severity: 10.0            Urgency:  8.2
>> >
>> > Last Change:  Initial analysis.
>> > --------------------------------------------------------------------------
>>
>> I am running a linux port of the bsd ftpd and it might be vulnerable to
>> a similar attack,
>>
>> ftp localhost
>> Connected to localhost.
>> 220 playlandFTP server (Version 6.5/OpenBSD, linux port 0.3.3) ready.
>> Name (localhost:user): ftp
>> 331 Guest login ok, type your name as password.
>> Password:
>> 230 Guest login ok, access restrictions apply.
>> Remote system type is UNIX.
>> Using binary mode to transfer files.
>> ftp> ls ~{
>> 200 PORT command successful.
>> 421 Service not available, remote server has closed connection
>>
>> in inetd I find an error stating that the ftpd process has died unexpectedly
>>
>> Nov 28 14:21:28 playland inetd[82]: pid 16341: exit signal 11
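
A log check built around the inetd line quoted above, as an added example that is not part of the original thread: it scans syslog for inetd children killed by a fault signal and names the service from the tag the child last logged under. Only the "exit signal 11" line comes from the post; the other sample lines are constructed and the function name is hypothetical.

```python
import re

# Numbers shared by Linux and the BSDs; SIGBUS is omitted because its
# number differs between them (7 on Linux, 10 on BSD).
FAULT_SIGNALS = {4: "SIGILL", 6: "SIGABRT", 8: "SIGFPE", 11: "SIGSEGV"}

SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) "
    r"(?P<tag>[^\s\[:]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
EXIT_RE = re.compile(r"^pid (?P<child>\d+): exit signal (?P<sig>\d+)$")


def find_fault_exits(lines):
    """Return one record per inetd child that died on a fault signal."""
    last_tag = {}  # (host, pid) -> syslog tag that pid last logged under
    hits = []
    for line in lines:
        m = SYSLOG_RE.match(line.strip())
        if not m:
            continue
        host, tag, pid = m["host"], m["tag"], int(m["pid"])
        if tag != "inetd":
            last_tag[(host, pid)] = tag
            continue
        e = EXIT_RE.match(m["msg"])
        if not e or int(e["sig"]) not in FAULT_SIGNALS:
            continue  # normal exits and signals such as SIGTERM are ignored
        child = int(e["child"])
        hits.append({
            "time": m["ts"], "host": host, "pid": child,
            "signal": FAULT_SIGNALS[int(e["sig"])],
            # inetd does not name the service, so use the child's own tag.
            "service": last_tag.pop((host, child), "unknown"),
        })
    return hits


# Constructed sample: only the first "exit signal 11" line is from the post.
SAMPLE = """\
Nov 28 14:21:20 playland ftpd[16341]: connection from localhost
Nov 28 14:21:28 playland inetd[82]: pid 16341: exit signal 11
Nov 28 14:22:02 playland inetd[82]: pid 16350: exit signal 15
Nov 28 14:23:10 playland inetd[82]: pid 16377: exit signal 11
""".splitlines()

if __name__ == "__main__":
    for hit in find_fault_exits(SAMPLE):
        print(hit)
```

A child that never logged before dying is reported with service "unknown", so the pid has to be matched against connection logs by hand.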

