vsftpd using ls? [was: [SECURITY] Fedora Core 1 Update: coreutils-5.0-34.1]
Leonard den Ottolander
leonard at den.ottolander.nl
Thu Mar 11 13:32:52 UTC 2004
Hello Tim, all,
> An updated coreutils package is available fixing an issue in the ls(1)
> utility, described at:
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0853
>
> Note that this vulnerability affects Internet-facing services which execute
> ls(1) with user-supplied input, and although wu-ftpd is one such service it
> is not supplied with Fedora Core 1.
I am curious to know if vsftpd calls ls, or uses it's own
implementation. How about some of the other ftp daemons? Other services
in general?
Leonard.
--
mount -t life -o ro /dev/dna /genetic/research
More information about the users
mailing list