From owner-freebsd-security  Mon Oct  2 11:57:59 2000
Delivered-To: freebsd-security@freebsd.org
Received: from lariat.org (lariat.org [12.23.109.2])
	by hub.freebsd.org (Postfix) with ESMTP id EFC5137B503
	for <security@FreeBSD.ORG>; Mon,  2 Oct 2000 11:57:55 -0700 (PDT)
Received: from mustang.lariat.org (IDENT:ppp0.lariat.org@lariat.org [12.23.109.2])
	by lariat.org (8.9.3/8.9.3) with ESMTP id MAA08021;
	Mon, 2 Oct 2000 12:57:37 -0600 (MDT)
Message-Id: <4.3.2.7.2.20001002125514.00d13f00@localhost>
X-Sender: brett@localhost
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
Date: Mon, 02 Oct 2000 12:57:26 -0600
To: James Wyatt <jwyatt@rwsystems.net>
From: Brett Glass <brett@lariat.org>
Subject: Re: ftpd bug in FreeBSD through at least 3.4
Cc: security@FreeBSD.ORG
In-Reply-To: <Pine.BSF.4.10.10010021337181.43354-100000@bsdie.rwsystems.
 net>
References: <4.3.2.7.2.20001002113441.04932240@localhost>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

James:

You're right! The message is coming from the client (which is good). 
However, the client is quite fragile (which is NOT good). I don't 
know if it is possible to exploit the client from a hostile server 
or not.

--Brett

At 12:48 PM 10/2/2000, James Wyatt wrote:
  
>Uh, Brett the FreeBSD and Linux ftpd differ a *lot*! You'll get more mail.
>
>That aside, this segfaults the client on the command line. Read my lips,
>"no new privelages". (Like most of the Pine bugs discussed earlier. (^_^)
>
>It's even easier to duplicate than the original post. You can do it on a
>failed login and needs only one %s to coredump.....





To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message