The FTPD glob vulnerability manifests itself in handling of the glob command. The problem is not a typical buffer overflow or format string vulnerability, but a combination of two bugs: an implementation of the glob command that does not properly return an error condition when interpreting the string ~, and then frees memory which may contain user supplied data. This vulnerability is potentially exploitable by any user who is able to log in to a vulnerable server, including users with anonymous access. If successful, an attacker may be able to execute arbitrary code with the privileges of FTPD, typically root.
Contact your vendor for a fix
- PCMan's FTP Server Multiple Vulnerabilities
- Cisco IOS FTP Server Authentication Bypass Vulnerability
- Open and Compact FTPD Auth Bypass and Directory Traversal Vulnerabilities
- Smallftpd FTP Server Multiple Requests Denial of Service Vulnerability
- War FTP Daemon 'USER' and 'PASS' Remote Format String Vulnerability