|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: Yet another heap overflow in wu-ftpd and so on...
From: portal (portal
SECURITY.IS)Date: Thu Jun 08 2000 - 16:31:13 CDT
- Next message: Technical Support: "Security Update: flaws in the SSL transaction handling of Netscape"
- Previous message: Philip Guenther: "Re: local root on linux 2.2.15"
- In reply to: Michal Zalewski: "Yet another heap overflow in wu-ftpd and so on..."
- Reply: portal: "Re: Yet another heap overflow in wu-ftpd and so on..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
>similar command as above 'grep' can see it clearly. It's
>rather obvious that there's an overflow in optional
>feature introduced in recent wu-ftpd
>versions, called 'internal ls'. But this problem has been
>discovered by someone else (I'm not sure who did it,
>someone from teso or Lam3rZ) days
>ago. Sorry, anyway :)
I guess it was me :) I think I spotted it in April/May last
year while auditing 2.5.0, and told somebody in teso about
it. It's nothing in peculiar, and has too many
requirements. One has to create a symbolic link in a
directory and list it with the 'internal ls'.
Additionally, it's a heap overflow. Have fun with it ;)
Sincerely,
portalsecurity.is
- www.security.is -
- Next message: Technical Support: "Security Update: flaws in the SSL transaction handling of Netscape"
- Previous message: Philip Guenther: "Re: local root on linux 2.2.15"
- In reply to: Michal Zalewski: "Yet another heap overflow in wu-ftpd and so on..."
- Reply: portal: "Re: Yet another heap overflow in wu-ftpd and so on..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]