From Bugzilla Helper:
User-Agent: Mozilla/4.77 [de] (X11; U; Linux 2.2.19 i686)

kerberos-workstation includes kerberized ftp, gssftpd, which is not wu-ftpd but the BSD ftp. This FTP is possibly vulnerable to the GLOB attacks as described in the CERT/Covert Labs Advisory recently. Also, plain "ls ~" gives you the FTP home path, which is considered bad (albeit highly predictable anyway on Linux boxen).

Reproducible: Always
Steps to Reproduce:
1. Enable gssftp with chkconfig to allow kerberized FTP connections
2. Login to the ftp server using anonymous FTP
3. Type "cd ~*"

Actual Results: 421 service not available. gdb attached to ftpd shows it segfaulted.

Expected Results: Nothing

I am not 100% sure if this is exploitable, I didn't dig in that deep. Covert Labs quote exploitability under certain circumstances. Nevertheless, a remotely induced segfault is pretty bad. Fortunately, the krb gssftp is probably not used widely.
*** Bug 37731 has been marked as a duplicate of this bug. ***
Folks, you have had this for a whole month now. A week after my initial report here, this came up on BugTraq and was labeled REMOTE EXPLOITABLE. A fix was provided in the Bugtraq posting. Since #37731 you knew the BugTraq post (and that's been 3 weeks ago as well). It is therefore reasonable to state what seems obvious, and set the bug to WONTFIX.
*sigh*
krb5-1.2.2-5 has been released as an errata.