Date: Mon, 02 Oct 2000 12:57:26 -0600
From: Brett Glass <brett@lariat.org>
To: James Wyatt <jwyatt@rwsystems.net>
Cc: security@FreeBSD.ORG
Subject: Re: ftpd bug in FreeBSD through at least 3.4
Message-ID: <4.3.2.7.2.20001002125514.00d13f00@localhost>
In-Reply-To: <Pine.BSF.4.10.10010021337181.43354-100000@bsdie.rwsystems. net>
References: <4.3.2.7.2.20001002113441.04932240@localhost>

James:

You're right! The message is coming from the client (which is good). However, the client is quite fragile (which is NOT good). I don't know if it is possible to exploit the client from a hostile server or not.

--Brett

At 12:48 PM 10/2/2000, James Wyatt wrote:

>Uh, Brett, the FreeBSD and Linux ftpd differ a *lot*! You'll get more mail.
>
>That aside, this segfaults the client on the command line. Read my lips,
>"no new privileges". (Like most of the Pine bugs discussed earlier. (^_^)
>
>It's even easier to duplicate than the original post. You can do it on a
>failed login and needs only one %s to coredump.....

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message