[OpenAFS] FTPD vulnerable to glob?

Nathan Neulinger nneul@umr.edu
Tue, 17 Apr 2001 20:39:24 -0500


Thomas Vincent wrote:
> 
> Hi Everyone,
> I was curious if anyone had verified if the FTPd in the OpenAFS cvs is
> vulnerable to the globbing attack that was identified recently.
> 
> I would like to use a AFS aware ftpd server. Does anyone have any other
> recommendations, then the ftp server in the CVS?

*laugh* The ftpd server in OpenAFS is probably vulnerable to alot worse
than the glob() attack. You'd have to be nuts to actually use it.

-- Nathan

------------------------------------------------------------
Nathan Neulinger                       EMail:  nneul@umr.edu
University of Missouri - Rolla         Phone: (573) 341-4841
CIS - Systems Programming                Fax: (573) 341-4216