Author: JT Smith
Posted at LWN.net: “The file globbing (matching filenames against patterns such as “*.bak”)
routines in the glibc exhibits an error that results in a heap corruption
and that may allow a remote attacker to execute arbitrary commands from
processes that take globbing strings from user input.
Tom Parker, Global InterSec LLC, addressed SuSE Security and illustrated
an attack scenario against the BSD-derived ftp daemon that is installed
as /usr/sbin/in.ftpd in SuSE Linux distributions. The said in.ftpd should
not be confused with the Washington University ftp daemon (wu-ftpd) that
comes installed as /usr/sbin/wu.ftpd in SuSE Linux and uses its own
globbing functions.”
routines in the glibc exhibits an error that results in a heap corruption
and that may allow a remote attacker to execute arbitrary commands from
processes that take globbing strings from user input.
Tom Parker, Global InterSec LLC, addressed SuSE Security and illustrated
an attack scenario against the BSD-derived ftp daemon that is installed
as /usr/sbin/in.ftpd in SuSE Linux distributions. The said in.ftpd should
not be confused with the Washington University ftp daemon (wu-ftpd) that
comes installed as /usr/sbin/wu.ftpd in SuSE Linux and uses its own
globbing functions.”
Category:
- Linux
