OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Patrick Cantwell (seamusmanhattan.insomnia.org)
Date: Wed Dec 05 2001 - 09:35:11 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Yes, this must be library related. I have 2 machines here both running the
    same version of the OpenBSD ftpd ported to linux. One's a slackware 7.1
    box, one's a prerelease version of slackware 8 (installed the machine
    before 8.0 made -release)..

    on the older machine:

    (Wed 10:25am) seamusbofh ttyp0:~> ftp XXX
    Connected to XXX.XXX.XXX.
    220 XXX.XXX.XXX FTP server (Version 6.5/OpenBSD, linux port 0.3.2)
    ready.
    Name (XXX:seamus): seamus
    331 Password required for seamus.
    Password:
    230- Linux 2.2.18.
    230 User seamus logged in.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp> ls -al\ ~{
    200 PORT command successful.
    421 Service not available, remote server has closed connection.
    ftp> quit
    (Wed 10:25am) seamusbofh ttyp0:~>

    on the newer machine:

    (Wed 10:25am) seamusbofh ttyp0:~> ftp YYY
    Connected to YYY.YYY.YYY.
    220 YYY.YYY.YYY FTP server (Version 6.5/OpenBSD, linux port 0.3.2)
    ready.
    Name (YYY:seamus): seamus
    331 Password required for seamus.
    Password:
    230-
    230 User seamus logged in.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp> ls -al\ ~{
    200 PORT command successful.
    150 Opening ASCII mode data connection for '/bin/ls'.
    ftpd: ~{: No such file or directory
    226 Transfer complete.
    ftp>

    If anyone would like to know more details (exact version numbers of glibc,
    etc..) please feel free to email me.. 

    --
TheFloyd

    On Thu, 29 Nov 2001, Flavio Veloso wrote:

    > Date: Thu, 29 Nov 2001 09:32:33 -0200 (BRST)
> From: Flavio Veloso <flaviovsmagnux.com>
> To: script0r <script0raxenet.org>
> Cc: bugtraqsecurityfocus.com
> Subject: Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption
>     Vulnerability
>
> On Wed, 28 Nov 2001, script0r wrote:
>
> > > Subject:      Wu-Ftpd File Globbing Heap Corruption Vulnerability
>    (...)
> > I am running the a linux port of the bsd ftpd and it might be vulnerable to
> > a similar attack,
> >
> > ftp localhost
> > Connected to localhost.
> > 220 playlandFTP server (Version 6.5/OpenBSD, linux port 0.3.3) ready.
> > Name (localhost:user): ftp
> > 331 Guest login ok, type your name as password.
> > Password:
> > 230 Guest login ok, access restrictions apply.
> > Remote system type is UNIX.
> > Using binary mode to transfer files.
> > ftp> ls ~{
> > 200 PORT command successful.
> > 421 Service not available, remote server has closed connection
> >
> > in inetd I find an error stating that the ftpd process has died unexpectedly
> >
> > Nov 28 14:21:28 playland inetd[82]: pid 16341: exit signal 11
>
> This may not be related to the wu-ftpd bug. I was just experiencing
> the same problem here, but further investigation showed up that it was
> due a bug in the glibc implementation of glob(3) (not exploitable,
> AFAICT).
>
> See http://sources.redhat.com/ml/bug-glibc/2001-11/msg00109.html for
> details.
>
> --
> Flávio
>