Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Dec 03, 2001 at 09:32:25AM +0100, Morten Poulsen wrote:
> > ftp> ls -al ~{
> > Segmentation fault (core dumped)
> No, it's a problem in your client. I can btw reproduce it with the ftp
> client from Linux NetKit 0.16 on LinuxPPC.

  'ls -al <something here>' in a command-line ftp client means to save the
result of 'ls -al' in '<something here>' . 

  <something here> is expanded by your FTP client. The ftp server only sees
'ls -al'. So you are probably triggering the glibc bug locally.

  If you want to send a pattern and ls options, quote the space :
  
  ls -al\ ~{
  
  Best regards,
       -Frank.


-- 
           Upgrade your FTP server to something simple and secure
                           http://www.pureftpd.org

[Index of Archives]     [Linux Security]     [Netfilter]     [PHP]     [Yosemite News]     [Linux Kernel]

  Powered by Linux