Bug 149720
Summary: | CAN-2005-0256 DoS in wu-ftpd | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 2.1 | Reporter: | Josh Bressers <bressers> |
Component: | wu-ftpd | Assignee: | Peter Vrabec <pvrabec> |
Status: | CLOSED NOTABUG | QA Contact: | David Lawrence <dkl> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 2.1 | Keywords: | Security |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | impact=moderate,public=20050225,source=bugtraq,reported=20050225 | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2005-05-16 12:01:01 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Josh Bressers
2005-02-25 18:51:24 UTC
Debian fixed this and say + * Applied patch by Chris Butler to fix denial of service in the NLST + command [src/ftpd.c, CAN-2005-0256] But the patch isn't broken out in their update. It's probably the hunk: <mjcox> @@ -7487,6 +7517,9 @@ <mjcox> } <mjcox> else { <mjcox> do <mjcox> + if ((in[0] == '*') && (in[1] == '*')) <mjcox> + in++; <mjcox> + else <mjcox> *out++ = *in++; <mjcox> while ((*in != '\0') && (*in != '/')); <mjcox> if (*in == '/') <mjcox> looks like that collapses multiple * wu_fnmatch.c looks to contain code that is meant to collapse multiple *; while (c == '*') c = *++pattern; But this code is there in 2.6.1 which the report says is vulnerable. I couldn't reproduce this issue at all on my 2.6.2 wu-ftpd. I can't reproduce it either. Mark, Peter, Any complaints if we close this? Nobody seems to think we're vulnerable. Not at all. I'm closing this since we can't reproduce it. |