From owner-freebsd-security Wed Nov 28 11:16:47 2001 Delivered-To: freebsd-security@freebsd.org Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by hub.freebsd.org (Postfix) with ESMTP id A5C1737B41B; Wed, 28 Nov 2001 11:16:44 -0800 (PST) Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.11.4/8.11.4) id fASJGiu00666; Wed, 28 Nov 2001 14:16:44 -0500 (EST) (envelope-from wollman) Date: Wed, 28 Nov 2001 14:16:44 -0500 (EST) From: Garrett Wollman Message-Id: <200111281916.fASJGiu00666@khavrinen.lcs.mit.edu> To: "Andrew R. Reiter" Cc: freebsd-security@FreeBSD.org Subject: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability (fwd) In-Reply-To: References: Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org < quotes a bugtrraq advisory stating: > The attacker must ensure that a maliciously constructed malloc header > containing the target address and it's replacement value are in the > right location in the uninitialized part of the heap. The attacker > must also place shellcode in server process memory. ...which means that this vulnerability does not exist under FreeBSD, since PHK-malloc does not mingle its metadata with its heap. -GAWollman To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message