7788535 2002-01-11 09:58 +0100  /47 rader/ Replugge [Rod] <replugge@alcoholico.org>
Sänt av: joel@lysator.liu.se
Importerad: 2002-01-11  23:53  av Brevbäraren
Extern mottagare: bugtraq@securityfocus.com
Mottagare: Bugtraq (import) <20498>
Ärende: Kerberos 5 ftp client Core Dump
------------------------------------------------------------
From: "Replugge [Rod]" <replugge@alcoholico.org>
To: bugtraq@securityfocus.com
Message-ID: <1010739498.19750.1286.camel@puma.trustix.com>

A problem exist in the ftp client provided by Kerberos 5  1.2.2,
kerberos 5 ftp client is provided by the rpm package
krb5-workstation-1.2.2-12.

I tested this on Redhat 7.1 i386/alpha ...

# ftp localhost
Connected to localhost.localdomain.
220 testbox.something.com FTP server (Version wu-2.6.1-16.7x.1) ready.
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (localhost:user1): anonymous
331 Guest login ok, send your complete e-mail address as password.
Password:
230 Guest login ok, access restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> get ~{
remote: ~{
Segmentation fault


Strace:

 read(0, get ~{
"get ~{\n", 1024)               = 7
write(1, "remote: ~{\n", 11remote: ~{
)            = 11
rt_sigaction(SIGINT, {0x8053070, [INT], SA_RESTART|0x4000000},
{0x80576b0, [INT], SA_RESTART|0x4000000}, 8) = 0
--- SIGSEGV (Segmentation fault) ---
+++ killed by SIGSEGV +++



--
/* 
Rodrigo Gutierrez <rodrigo@trustix.com>
Trustix AS - http://www.trustix.com 
*/
(7788535) /Replugge [Rod] <replugge@alcoholico.org>/