Date: Thu, 31 Jul 2003 14:52:56 -0400 From: Mike Tancsa <mike@sentex.net> To: <polytarp@cyberspace.org> Cc: freebsd-security@freebsd.org Subject: Re: Wu-ftpd FTP server contains remotely exploitable off-by-one bug Message-ID: <5.2.0.9.0.20030731144633.05832008@209.112.4.2> In-Reply-To: <Pine.SUN.3.96.1030731144032.5403A-100000@grex.cyberspace.o rg> References: <20030731183553.GA85469@mind.net>
next in thread | previous in thread | raw e-mail | index | archive | help
At 02:40 PM 31/07/2003 -0400, polytarp@cyberspace.org wrote: >Buffer overflows which work on Linux do not work on FreeBSD. You need to qualify that statement. Yes, there are some that will not be relevant and the exact same exploit code will not work. But "Buffer overflows which work on Linux do not work on FreeBSD" is dangerously misleading.... In the case of wu-ftpd there have been several issues in the past that affected both FreeBSD and Linux. Same bug, different exploit code, both vulnerable. That being said, I havent had a chance to review this one so I dont know. ---Mike
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5.2.0.9.0.20030731144633.05832008>