Algu�m sabe se o proftpd 1.2.2rc1 (do CL7) tembem � vulneravel ao bug "File Globbing Problems (////.../)" ?�?�? Esse bug � grave ?
http://neworder.box.sk/showme.php3?id=5935 Nessa p�gina, diz que s� o 1.2.4 e o 1.2.2rc3 tem problemas Resolv� fazer o teste, e ele termina com sinal 11: [rafael@xxxx rafael]$ ftp 127.0.0.1 Connected to 127.0.0.1. 220 ProFTPD 1.2.2rc1 Server ready. Name (127.0.0.1:rafael): ftp 331 Anonymous login ok, send your complete email address as your password. Password: 230 Acesso an�nimo aceito para ftp. %T Remote system type is UNIX. Using binary mode to transfer files. ftp> ls ///////////// 200 PORT command successful. 150 Opening ASCII mode data connection for file list. 421 Service not available, remote server has closed connection ftp> Dec 27 21:35:43 xxxx proftpd[11193]: xxx (localhost[127.0.0.1]) - ProFTPD terminating (signal 11) Dec 27 21:35:43 xxxx inetd[11181]: pid 11193: exit signal 11 Sobre o bug: A problem in handling file globbing exists in the current version of ProFTPD 1.2.4. This is very similar to the wu-ftpd bug ("ls ~{") and occurs when you issuing the command: ls /////////// (11 or more '/'). A segmentation fault occurs when the server tries to free a unallocated memory with a free()-function and it could be a heap corruption vulnerability. It is in the file lib/glibc-glob.c in function void globfree (pglob) the SEGV occurs. tks. ...e feliz ano novo !!! Assinantes em 27/12/2001: 2297 Mensagens recebidas desde 07/01/1999: 147977 Historico e [des]cadastramento: http://linux-br.conectiva.com.br Assuntos administrativos e problemas com a lista: mailto:[EMAIL PROTECTED]
