From: fbsd@w88trigger.com
Date: Thu, 31 Jul 2003 14:41:46 -0700
Message-Id: <200307311441.46810.fbsd@w88trigger.com>
Cc: freebsd-security@freebsd.org
Subject: Re: Wu-ftpd FTP server contains remotely exploitable off-by-one bug

Did you read Mike's email!? Sure, a different compiler and OS can make
buffer overflows not work, but that does not mean the buffer overflow
does not exist on a different system. The buffer overflow MAY still
exist and MAY still be exploitable using different exploit code (as Mike
stated in his email).

On Thursday 31 July 2003 14:31, polytarp@cyberspace.org wrote:
> On Thu, 31 Jul 2003 mike@sentex.net wrote:
> > At 02:40 PM 31/07/2003 -0400, polytarp@cyberspace.org wrote:
> > > Buffer overflows which work on Linux do not work on
> > > FreeBSD.
> >
> > You need to qualify that statement. Yes, there are some
> > that will not be relevant and the exact same exploit code
> > will not work. But "Buffer overflows which work on Linux
> > do not work on FreeBSD" is dangerously misleading.... In the
> > case of wu-ftpd there have been several issues in the past
> > that affected both FreeBSD and Linux. Same bug, different
> > exploit code, both vulnerable. That being said, I haven't
> > had a chance to review this one so I don't know.
>
> No, you're wrong. Even a different COMPILER -- let alone a
> different OPERATING SYSTEM -- can make buffer overflows not
> work.
>
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to
> "freebsd-security-unsubscribe@freebsd.org"