Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 28 Nov 2001 14:16:44 -0500 (EST)
From:      Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
To:        "Andrew R. Reiter" <arr@FreeBSD.org>
Cc:        freebsd-security@FreeBSD.org
Subject:   *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability (fwd)
Message-ID:  <200111281916.fASJGiu00666@khavrinen.lcs.mit.edu>
In-Reply-To: <Pine.NEB.3.96L.1011128125641.42899A-100000@fledge.watson.org>
References:  <Pine.NEB.3.96L.1011128125641.42899A-100000@fledge.watson.org>

next in thread | previous in thread | raw e-mail | index | archive | help
<<On Wed, 28 Nov 2001 12:57:12 -0500 (EST), "Andrew R. Reiter"
<arr@FreeBSD.org> quotes a bugtrraq advisory stating:

>   The attacker must ensure that a maliciously constructed  malloc  header
>   containing the target address and it's replacement  value  are  in  the
>   right location in the uninitialized part of  the  heap.   The  attacker
>   must also place shellcode in server process memory.

...which means that this vulnerability does not exist under FreeBSD,
since PHK-malloc does not mingle its metadata with its heap.

-GAWollman


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200111281916.fASJGiu00666>