Date: Mon, 02 Oct 2000 13:43:33 -0600
From: Brett Glass <brett@lariat.org>
To: Jordan Hubbard <jkh@winston.osd.bsdi.com>
Cc: security@FreeBSD.ORG
Subject: Re: ftpd bug in FreeBSD through at least 3.4
Message-ID: <4.3.2.7.2.20001002133527.00d604a0@localhost>
In-Reply-To: <59846.970514080@winston.osd.bsdi.com>
References: <Message from Brett Glass <brett@lariat.org> <4.3.2.7.2.20001002113441.04932240@localhost>
At 01:14 PM 10/2/2000, Jordan Hubbard wrote:

>That's the client crashing, you knob. Read the advisories more closely.
>What linux ftp clients do is not all that urgent a concern of ours.

Jordan:

Alas, there is still reason for concern. Here's why:

1) At least some FreeBSD clients are also crashing in the same way as the Linux client described in that message. They're segfaulting, which means they could be susceptible to attacks from malicious servers.

2) There is still some funkiness in recent FreeBSD servers too. This is evidenced by the fact that bad commands can generate responses which look like a memory dump. They also mess up the output of ps(1). See my message a few minutes ago to Alex, which shows problems in the server when I submit bad commands using the MS-DOS/Windows client.

--Brett

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message