In message <35684.24.51.95.122.1006990579.squirrel@mail.axenet.org> so spake "script0r" (script0r): > I am running the a linux port of the bsd ftpd and it might be vulnerable to > a similar attack, It depends entirely on your glob(3) implementation since unlike wu-ftpd, any port of the OpenBSD ftpd that doesn't include a private glob.c will just use the one in your own libc. We fixed a bunch of potential glob(3) problems in OpenBSD's glob.c a while ago (though there may be more lurking--that is nasty code!). - todd
