Yes, this must be library related. I have 2 machines here both running the
same version of the OpenBSD ftpd ported to linux. One's a slackware 7.1
box, one's a prerelease version of slackware 8 (installed the machine
before 8.0 made -release)..
on the older machine:
(Wed 10:25am) seamus@bofh ttyp0:~> ftp XXX
Connected to XXX.XXX.XXX.
220 XXX.XXX.XXX FTP server (Version 6.5/OpenBSD, linux port 0.3.2)
ready.
Name (XXX:seamus): seamus
331 Password required for seamus.
Password:
230- Linux 2.2.18.
230 User seamus logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls -al\ ~{
200 PORT command successful.
421 Service not available, remote server has closed connection.
ftp> quit
(Wed 10:25am) seamus@bofh ttyp0:~>
on the newer machine:
(Wed 10:25am) seamus@bofh ttyp0:~> ftp YYY
Connected to YYY.YYY.YYY.
220 YYY.YYY.YYY FTP server (Version 6.5/OpenBSD, linux port 0.3.2)
ready.
Name (YYY:seamus): seamus
331 Password required for seamus.
Password:
230-
230 User seamus logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls -al\ ~{
200 PORT command successful.
150 Opening ASCII mode data connection for '/bin/ls'.
ftpd: ~{: No such file or directory
226 Transfer complete.
ftp>
If anyone would like to know more details (exact version numbers of glibc,
etc..) please feel free to email me..
--
TheFloyd
On Thu, 29 Nov 2001, Flavio Veloso wrote:
> Date: Thu, 29 Nov 2001 09:32:33 -0200 (BRST)
> From: Flavio Veloso <flaviovs@magnux.com>
> To: script0r <script0r@axenet.org>
> Cc: bugtraq@securityfocus.com
> Subject: Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption
> Vulnerability
>
> On Wed, 28 Nov 2001, script0r wrote:
>
> > > Subject: Wu-Ftpd File Globbing Heap Corruption Vulnerability
> (...)
> > I am running the a linux port of the bsd ftpd and it might be vulnerable to
> > a similar attack,
> >
> > ftp localhost
> > Connected to localhost.
> > 220 playlandFTP server (Version 6.5/OpenBSD, linux port 0.3.3) ready.
> > Name (localhost:user): ftp
> > 331 Guest login ok, type your name as password.
> > Password:
> > 230 Guest login ok, access restrictions apply.
> > Remote system type is UNIX.
> > Using binary mode to transfer files.
> > ftp> ls ~{
> > 200 PORT command successful.
> > 421 Service not available, remote server has closed connection
> >
> > in inetd I find an error stating that the ftpd process has died unexpectedly
> >
> > Nov 28 14:21:28 playland inetd[82]: pid 16341: exit signal 11
>
> This may not be related to the wu-ftpd bug. I was just experiencing
> the same problem here, but further investigation showed up that it was
> due a bug in the glibc implementation of glob(3) (not exploitable,
> AFAICT).
>
> See http://sources.redhat.com/ml/bug-glibc/2001-11/msg00109.html for
> details.
>
> --
> Flávio
>
