From owner-freebsd-security Mon Oct 2 13: 1:49 2000 Delivered-To: freebsd-security@freebsd.org Received: from ns1.sunesi.net (ns1.sunesi.net [196.15.192.194]) by hub.freebsd.org (Postfix) with ESMTP id 56B6837B502 for ; Mon, 2 Oct 2000 13:01:45 -0700 (PDT) Received: from nbm by ns1.sunesi.net with local (Exim 3.03 #1) id 13gBm4-000FQv-00; Mon, 02 Oct 2000 22:01:20 +0200 Date: Mon, 2 Oct 2000 22:01:20 +0200 From: Neil Blakey-Milner To: Brett Glass Cc: Jordan Hubbard , security@FreeBSD.ORG Subject: Re: ftpd bug in FreeBSD through at least 3.4 Message-ID: <20001002220120.A59204@mithrandr.moria.org> References: <4.3.2.7.2.20001002113441.04932240@localhost> <59846.970514080@winston.osd.bsdi.com> <4.3.2.7.2.20001002133527.00d604a0@localhost> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <4.3.2.7.2.20001002133527.00d604a0@localhost>; from brett@lariat.org on Mon, Oct 02, 2000 at 01:43:33PM -0600 Organization: Sunesi Clinical Systems X-Operating-System: FreeBSD 3.3-RELEASE i386 X-URL: http://rucus.ru.ac.za/~nbm/ Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon 2000-10-02 (13:43), Brett Glass wrote: > At 01:14 PM 10/2/2000, Jordan Hubbard wrote: > > >That's the client crashing, you knob. Read the advisories more closely. > >What linux ftp clients do is not all that urgent a concern of ours. > > Jordan: > > Alas, there is still reason for concern. Here's why: > > 1) At least some FreeBSD clients are also crashing in the same way as the > Linux client described in that message. They're segfaulting, which means > they could be susceptible to attacks from malicious servers. You aren't keeping your machines up to date. This was fixed in RELENG_3 already: revision 1.14.2.3 date: 2000/06/23 14:46:54; author: ru; state: Exp; lines: +3 -3 MFC: (rev 1.17) Get rid of segfault in a `site %s\' case. > 2) There is still some funkiness in recent FreeBSD servers too. This is > evidenced by the fact that bad commands can generate responses which look > like a memory dump. They also mess up the output of ps(1). See my message > a few minutes ago to Alex, which shows problems in the server when I submit > bad commands using the MS-DOS/Windows client. I don't see this with a 3.3 or 3.4 ftpd. Neil -- Neil Blakey-Milner Sunesi Clinical Systems nbm@mithrandr.moria.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message