Date: Thu, 29 Nov 2001 01:29:20 +0300
From: "Andrey A. Chernov" <ache@nagual.pp.ru>
To: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
Cc: "Andrew R. Reiter" <arr@FreeBSD.ORG>, freebsd-security@FreeBSD.ORG
Subject: Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability (fwd)
Message-ID: <20011128222920.GB45632@nagual.pp.ru>
In-Reply-To: <200111281916.fASJGiu00666@khavrinen.lcs.mit.edu>
References: <Pine.NEB.3.96L.1011128125641.42899A-100000@fledge.watson.org> <200111281916.fASJGiu00666@khavrinen.lcs.mit.edu>

On Wed, Nov 28, 2001 at 14:16:44 -0500, Garrett Wollman wrote:
> <<On Wed, 28 Nov 2001 12:57:12 -0500 (EST), "Andrew R. Reiter"
> <arr@FreeBSD.org> quotes a bugtraq advisory stating:
>
> > The attacker must ensure that a maliciously constructed malloc header
> > containing the target address and its replacement value are in the
> > right location in the uninitialized part of the heap. The attacker
> > must also place shellcode in server process memory.
>
> ...which means that this vulnerability does not exist under FreeBSD,
> since PHK-malloc does not mingle its metadata with its heap.

The vulnerability is buffer overflow, not destroying malloc data.
I fix it in wu-ftpd-2.6.1_7

--
Andrey A. Chernov
http://ache.pp.ru/