From owner-freebsd-security  Tue Feb 16 01:13:28 1999
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id BAA25098
          for freebsd-security-outgoing; Tue, 16 Feb 1999 01:13:28 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from aniwa.sky (p36-max5.wlg.ihug.co.nz [202.49.241.36])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id BAA25093
          for <freebsd-security@FreeBSD.ORG>; Tue, 16 Feb 1999 01:13:25 -0800 (PST)
          (envelope-from andrew@squiz.co.nz)
Received: from aniwa.sky (localhost [127.0.0.1])
	by aniwa.sky (8.9.1a/8.9.1) with ESMTP id WAA17654;
	Tue, 16 Feb 1999 22:13:02 +1300 (NZDT)
Message-Id: <199902160913.WAA17654@aniwa.sky>
X-Mailer: exmh version 2.0.2 2/24/98
To: cjclark@home.com
cc: freebsd-security@FreeBSD.ORG
Subject: Re: CA-99-03-FTP-Buffer-Overflows 
In-reply-to: Your message of "Mon, 15 Feb 1999 22:13:07 CDT."
             <199902160313.WAA29938@cc942873-a.ewndsr1.nj.home.com> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Tue, 16 Feb 1999 22:13:02 +1300
From: Andrew McNaughton <andrew@squiz.co.nz>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> See, 
> 
> http://www.cert.org/advisories/CA-99-03-FTP-Buffer-Overflows.html
> 
> For the full text.
> 
> Is FreeBSD vunerable? I hope that this,
> 
> > % NetBSD
> > 
> >            % NetBSD      All versions ARE NOT vulnerable.
> 
> Implies FreeBSD is neither. I know FreeBSD and NetBSD use the same
> ftp, but ftpd? Just looking for verification. Thanks.

I found it rather curious that FreeBSD's ftpd was not mentioned.  Particularly as the PGP signature's version ID said FreeBSD was used, implying that it would have been around for testing.

Andrew McNaughton




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message