Date: Tue, 10 Apr 2001 17:53:05 -0500 From: David <habeeb@cfl.rr.com> To: freebsd-security@freebsd.org Subject: FTPD vulnerability question Message-ID: <01041017530502.11342@descrypt.com>
next in thread | raw e-mail | index | archive | help
I just read the CERT advisory, and noticed it mentioned FreeBSD FTPD vulnerable. I took a quick check at the source code for the stock FTPD on my system, and did not notice any possible overflows for glob().. atleast none that jumped out at me (yet?). FreeBSD 4.2-STABLE #0: Sun Jan 21 11:43:43 EST 2001 root@fortress:/usr/obj/usr/src/sys/FORTRESS # telnet 0 21 Trying 0.0.0.0... Connected to 0. Escape character is '^]'. 220 [server name] FTP server (Version 6.00LS) ready. I am just making sure that the CERT advisory meant ALL 4.2 -stable versions (I am a bit paranoid right now :). If it does that's great. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?01041017530502.11342>