vsftpd using ls? [was: [SECURITY] Fedora Core 1 Update: coreutils-5.0-34.1]
Tim Waugh
twaugh at redhat.com
Thu Mar 11 13:39:44 UTC 2004
On Thu, Mar 11, 2004 at 02:32:52PM +0100, Leonard den Ottolander wrote:
> Hello Tim, all,
>
> > An updated coreutils package is available fixing an issue in the ls(1)
> > utility, described at:
> >
> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0853
> >
> > Note that this vulnerability affects Internet-facing services which execute
> > ls(1) with user-supplied input, and although wu-ftpd is one such service it
> > is not supplied with Fedora Core 1.
>
> I am curious to know if vsftpd calls ls, or uses it's own
> implementation. How about some of the other ftp daemons? Other services
> in general?
The vsftpd daemon uses its own built-in implementation.
Tim.
*/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/users/attachments/20040311/a27a2203/attachment-0002.bin
More information about the users
mailing list