From owner-freebsd-security  Mon Apr 16 12:35:51 2001
Delivered-To: freebsd-security@freebsd.org
Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193])
	by hub.freebsd.org (Postfix) with ESMTP id 450AF37B42C
	for <security@FreeBSD.ORG>; Mon, 16 Apr 2001 12:35:47 -0700 (PDT)
	(envelope-from wollman@khavrinen.lcs.mit.edu)
Received: (from wollman@localhost)
	by khavrinen.lcs.mit.edu (8.9.3/8.9.3) id PAA98984;
	Mon, 16 Apr 2001 15:34:33 -0400 (EDT)
	(envelope-from wollman)
Date: Mon, 16 Apr 2001 15:34:33 -0400 (EDT)
From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
Message-Id: <200104161934.PAA98984@khavrinen.lcs.mit.edu>
To: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
Cc: Igor Roshchin <str@giganda.komkon.org>, security@FreeBSD.ORG
Subject: Re: Wu-ftpd and Remote BSD ftpd glob exploit 
In-Reply-To: <200104161846.f3GIkL206263@cwsys.cwsent.com>
References: <200104161516.LAA70850@giganda.komkon.org>
	<200104161846.f3GIkL206263@cwsys.cwsent.com>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

<<On Mon, 16 Apr 2001 11:45:29 -0700, Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca> said:

> Any application, local or remote, that uses the FreeBSD glob(3) 
> function would have been vulnerable prior to the correction date.

wu-ftpd is not one.  It has its own (4.3BSD-based) glob
implementation.  (I won't speak for whether it is vulnerable to
analogous bugs.)

-GAWollman


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message