From owner-freebsd-security Wed Oct 3 5: 3:43 2001 Delivered-To: freebsd-security@freebsd.org Received: from smtp1.sentex.ca (smtp1.sentex.ca [199.212.134.4]) by hub.freebsd.org (Postfix) with ESMTP id ADF5537B405 for ; Wed, 3 Oct 2001 05:03:39 -0700 (PDT) Received: from chimp.simianscience.com (cage.simianscience.com [64.7.134.1]) by smtp1.sentex.ca (8.11.6/8.11.6) with SMTP id f93C3cQ77178 for ; Wed, 3 Oct 2001 08:03:38 -0400 (EDT) (envelope-from mike@sentex.net) From: Mike Tancsa To: security@freebsd.org Subject: remote root exploit (was Re: cvs commit: ports/ftp/wu-ftpd Makefile ports/ftp/wu-ftpd/filespatch-aa) Date: Wed, 03 Oct 2001 08:03:38 -0400 Message-ID: References: In-Reply-To: X-Mailer: Forte Agent 1.8/32.548 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi Does anyone know if these OPIE fixes were / are root exploitable ? It = was possible to sig 11 wu-ftpd remotely prior to this patch. ---Mike On Sat, 29 Sep 2001 19:03:12 +0000 (UTC), in sentex.lists.freebsd.cvs you wrote: >ache 2001/09/29 12:03:03 PDT > > Modified files: > ftp/wu-ftpd Makefile=20 > ftp/wu-ftpd/files patch-aa=20 > Log: > Fix the case when opie keys not used > =20 > Revision Changes Path > 1.38 +2 -2 ports/ftp/wu-ftpd/Makefile > 1.15 +53 -17 ports/ftp/wu-ftpd/files/patch-aa > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe cvs-all" in the body of the message Mike Tancsa (mdtancsa@sentex.net) =09 Sentex Communications Corp, =09 Waterloo, Ontario, Canada "Given enough time, 100 monkeys on 100 routers=20 could setup a national IP network." (KDW2) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message