"Junius, Martin" wrote:
>
> I just did some tests with RedHat 7.2, glibc-2.2.4-19, and ftpd-BSD-0.3.2.
> "ls ~{" makes the ftpd process die in glibc´s glob(pattern="~{", ...)
> function with a SEGV. Beside that ftpd-BSD uses globfree() to release
> the memory. So as long as glibc's glob() is safe, ftpd-BSD *should*
> be safe against this exploit.
SGI's ftp in IRIX 6.5 isn't vulnerable :
erwin 1% uname -a
IRIX erwin 6.5 01221644 IP32
fred@servans:~/a> ftp erwin
Connected to erwin.mobach.nl.
220 erwin.mobach.nl FTP server ready.
Name (erwin:fred): mendel
331 Password required for mendel.
Password:
230 User mendel logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls ~{
500 'EPSV': command not understood.
227 Entering Passive Mode (172,16,21,158,4,241)
150 Opening ASCII mode data connection for '/bin/ls'.
UX:ls: ERROR: Cannot access ~{: No such file or directory
226 Transfer complete.
ftp>
Regards,
Fred
--
Fred Mobach - fred@mobach.nl - postmaster@mobach.nl
Systemhouse Mobach bv - The Netherlands - since 1976
Save Harbour for encumbered Free and Open Source software and links:
http://apache.dataloss.nl/~fred/
