Date: Tue, 10 Apr 2001 22:06:08 +0900
From: fbsd
Organization: Typhoon, Inc.
To: freebsd-questions@FreeBSD.ORG
Subject: Re: CERT Advisory CA-2001-07 (fwd)
Message-ID: <3AD30540.C776D890@typhoon.co.jp>

Weldon S Godfrey 3 wrote:

> The File Globbing Vulnerability mentioned in CERT Advisory CA-2001-07 is
> fixed in 4.2-STABLE and 5.0-CURRENT and will be fixed on 4.3-RELEASE.
>
> My question is, can the ftpd binary be used from 4.2-STABLE for
> 4.2-RELEASE (or any 4.x-RELEASE) to fix this problem or is it that the
> binary cannot work under these versions or is the fix beyond the binary
> (it involves shared libraries, etc.)?

I certainly hope there will be a patch (from FreeBSD.org) for 3.5.X AND 4.X too!

>
>
> Thanks,
>
> Weldon
>
> --SNIP from CERT CA-2001-07 --
>
> FreeBSD is vulnerable to the glob-related bugs. We have corrected
> these bugs in FreeBSD 5.0-CURRENT and FreeBSD 4.2-STABLE, and they
> will not be present in FreeBSD 4.3-RELEASE.
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message