From owner-freebsd-security Mon Oct 2 12:45:49 2000 Delivered-To: freebsd-security@freebsd.org Received: from lariat.org (lariat.org [12.23.109.2]) by hub.freebsd.org (Postfix) with ESMTP id 58CFF37B66C for ; Mon, 2 Oct 2000 12:45:46 -0700 (PDT) Received: from mustang.lariat.org (IDENT:ppp0.lariat.org@lariat.org [12.23.109.2]) by lariat.org (8.9.3/8.9.3) with ESMTP id NAA08546; Mon, 2 Oct 2000 13:45:34 -0600 (MDT) Message-Id: <4.3.2.7.2.20001002133527.00d604a0@localhost> X-Sender: brett@localhost X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Mon, 02 Oct 2000 13:43:33 -0600 To: Jordan Hubbard From: Brett Glass Subject: Re: ftpd bug in FreeBSD through at least 3.4 Cc: security@FreeBSD.ORG In-Reply-To: <59846.970514080@winston.osd.bsdi.com> References: <4.3.2.7.2.20001002113441.04932240@localhost> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 01:14 PM 10/2/2000, Jordan Hubbard wrote: >That's the client crashing, you knob. Read the advisories more closely. >What linux ftp clients do is not all that urgent a concern of ours. Jordan: Alas, there is still reason for concern. Here's why: 1) At least some FreeBSD clients are also crashing in the same way as the Linux client described in that message. They're segfaulting, which means they could be susceptible to attacks from malicious servers. 2) There is still some funkiness in recent FreeBSD servers too. This is evidenced by the fact that bad commands can generate responses which look like a memory dump. They also mess up the output of ps(1). See my message a few minutes ago to Alex, which shows problems in the server when I submit bad commands using the MS-DOS/Windows client. --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message