Date: Mon, 2 Oct 2000 17:52:13 +0100
Subject: Re: Wu-ftpd 2.6.1(1)
To: BUGTRAQ@SECURITYFOCUS.COM

On Mon, 2 Oct 2000, Javor Ninov wrote:

> somewhere:/$ ftp 127.0.0.1
[...]
> 230 Guest login ok, access restrictions apply.
> Remote system type is UNIX.
> Using binary mode to transfer files.
> ftp> quote %s%s%s%s
> 500 'TP<BF>9(NULL)': command not understood.
> ftp>quote %s%s%s%s%s
> Segmentation fault
> somewhere:/$ uname -a
> Linux somewhere 2.2.12 #1 Sun Sep 19 13:35:59 EEST 1999 i686 unknown
> somewhere:/$
> This is a Slackware 4.0 with last wuftpd.tgz ( 02-oct-2000 )

In the above sequence, I can clearly see "Segmentation fault". Does this not
suggest that the ftp _client_ is at fault, not the wuftpd server?

A quick test locally,

ftp> quote %s%s%s%s%s%s
Segmentation fault (core dumped)
[chris@blah chris]$ file core
core: ELF 32-bit LSB core file of 'ftp' (signal 11), ...

So, there is a format string bug in the ftp client. I am currently on a
machine with RedHat-6.1, and:

ftp-0.15-1

Clearly this needs fixing, if it is not already fixed in a more recent
version.

Connecting to a wu-ftpd server with raw telnet:

[chris@blah chris]$ telnet x.x.x.x ftp
Trying x.x.x.x...
Connected to x.x.x.x.
Escape character is '^]'.
220 x.x.x.x FTP server (Version wu-2.6.0(1) Fri Jun 23 09:22:33 EDT 2000) ready.
user ftp
331 Guest login ok, send your complete e-mail address as password.
pass chris@
230 Guest login ok, access restrictions apply.
quote %s%s%s%s%s%s%s%s%s%s
500 'QUOTE %s%s%s%s%s%s%s%s%s%s': command not understood.

So the server seems to handle this fine.

Cheers
Chris
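
Added example, not part of the original message and not code from the ftp client or wu-ftpd: a C sketch of the bug class the message describes, assuming the client hands the typed `quote` text to a printf-style helper as the format argument. The names `build_command`, `quote_unsafe`, `quote_safe` and `count_directives` are hypothetical, and the input string is constructed from the session above.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style helper that formats one FTP command line. */
static int build_command(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    return n;
}

/* Vulnerable shape: the user's text IS the format string, so every "%s"
 * makes vsnprintf fetch a pointer argument that was never passed. */
int quote_unsafe(char *out, size_t outlen, const char *user_line)
{
    return build_command(out, outlen, user_line);
}

/* Hardened shape: fixed format, the user's text is only data. */
int quote_safe(char *out, size_t outlen, const char *user_line)
{
    return build_command(out, outlen, "%s", user_line);
}

/* Audit helper: count conversion directives ("%%" is a literal percent). */
int count_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        if (s[1] != '\0') n++;
    }
    return n;
}

int main(void)
{
    char buf[128];
    const char *typed = "%s%s%s%s%s";  /* constructed input */
    quote_safe(buf, sizeof buf, typed);
    printf("sent: %s (directives in input: %d)\n", buf, count_directives(typed));
    /* quote_unsafe() is only called with directive-free text here;
     * with the input above its behaviour is undefined. */
    quote_unsafe(buf, sizeof buf, "NOOP");
    printf("sent: %s\n", buf);
    return 0;
}
```

Declaring the helper with GCC's `__attribute__((format(printf, 3, 4)))` lets `-Wformat-security` flag the `quote_unsafe` call pattern at compile time.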