Bug 158543 - net-misc/wget FTP_Syst() Function NULL dereference
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Other
Importance: High normal
Assignee: Gentoo's Team for Core System packages
URL: http://http://www.securityfocus.com/b...
Reported: 2006-12-19 07:12 UTC by Federico L. Bossi Bonin
Modified: 2008-01-28 14:03 UTC
Description Federico L. Bossi Bonin 2006-12-19 07:12:01 UTC
Unhandled Exceptional Condition in ftp_syst()
PoC: http://www.milw0rm.com/exploits/2947
Comment 1 Tavis Ormandy (RETIRED) gentoo-dev 2006-12-19 08:03:35 UTC
Federico, thanks for the report, but this doesn't look like an "Unchecked Boundary Condition", just a simple NULL dereference.

The security team doesn't usually handle "client DoS" type bugs, as their impact is so low. (for example, why not just remove the file in question, in both cases wget exits with an error). Reassigning to maintainer....
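The bug class named in Comment 1, as an added C example that is not wget's code and not part of this report: a client that tokenizes an FTP SYST reply must check each token before using it. The function names, the enum and the sample replies are constructed for illustration, and the split into a reply code followed by a system-name token is an assumption about the reply layout.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

enum syst_type { ST_UNIX, ST_VMS, ST_WINNT, ST_OTHER, ST_MALFORMED };

static enum syst_type name_to_type(const char *name)
{
    if (strcasecmp(name, "UNIX") == 0) return ST_UNIX;
    if (strcasecmp(name, "VMS") == 0) return ST_VMS;
    if (strcasecmp(name, "WINDOWS_NT") == 0) return ST_WINNT;
    return ST_OTHER;
}

/* Unchecked pattern, for comparison only (never called here): when the
   reply has no second token, strtok() returns NULL and strcasecmp()
   dereferences it, so the client crashes. */
enum syst_type syst_type_unchecked(char *reply)
{
    strtok(reply, " ");                     /* skip the reply code */
    return name_to_type(strtok(NULL, " ")); /* may pass NULL */
}

/* Checked pattern: work on a bounded copy and test every token. */
enum syst_type syst_type_checked(const char *reply)
{
    char buf[256];
    if (reply == NULL || strlen(reply) >= sizeof buf)
        return ST_MALFORMED;
    strcpy(buf, reply);
    if (strtok(buf, " \r\n") == NULL)       /* no reply code at all */
        return ST_MALFORMED;
    char *name = strtok(NULL, " \r\n");     /* system name, if present */
    return name ? name_to_type(name) : ST_MALFORMED;
}

int main(void)
{
    /* Constructed sample replies, not captured traffic. */
    const char *samples[] = { "215 UNIX Type: L8\r\n", "215 VMS V7.3\r\n",
                              "215\r\n", "\r\n" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%d\n", syst_type_checked(samples[i]));
    return 0;
}
```

With the check in place a malformed reply becomes an ordinary protocol error the caller can report, instead of a crash.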
Comment 2 SpanKY gentoo-dev 2008-01-28 14:03:55 UTC
Please retest with wget-1.11 and, if it still fails, re-open with the new output.