From owner-freebsd-security  Tue May 22 21: 4:54 2001
Delivered-To: freebsd-security@freebsd.org
Received: from sbtx.tmn.ru (sbtx.tmn.ru [212.76.160.49])
	by hub.freebsd.org (Postfix) with ESMTP id D573D37B43C
	for <freebsd-security@FreeBSD.ORG>; Tue, 22 May 2001 21:04:50 -0700 (PDT)
	(envelope-from serg@sbtx.tmn.ru)
Received: from sv.tech.sibitex.tmn.ru (sv.tech.sibitex.tmn.ru [212.76.160.59])
	by sbtx.tmn.ru (8.11.1/8.11.1) with ESMTP id f4N44mT08134;
	Wed, 23 May 2001 10:04:49 +0600 (YEKST)
	(envelope-from serg@sbtx.tmn.ru)
Received: (from serg@localhost)
	by sv.tech.sibitex.tmn.ru (8.11.3/8.11.3) id f4N44mQ15183;
	Wed, 23 May 2001 10:04:48 +0600 (YEKST)
	(envelope-from serg)
Date: Wed, 23 May 2001 10:04:48 +0600
From: "Sergey N. Voronkov" <serg@tmn.ru>
To: Kris Kennaway <kris@obsecurity.org>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Is there a ftp vuln in 4.3-STABLE
Message-ID: <20010523100448.A15088@sv.tech.sibitex.tmn.ru>
References: <000501c0e316$7deb4450$45d8db40@mhx800> <Pine.BSF.4.32.0105222026040.1300-100000@magnetar.blackhatnetworks.com> <20010522193952.A33978@xor.obsecurity.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20010522193952.A33978@xor.obsecurity.org>; from kris@obsecurity.org on Tue, May 22, 2001 at 07:39:52PM -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Tue, May 22, 2001 at 07:39:52PM -0700, Kris Kennaway wrote:
> On Tue, May 22, 2001 at 08:26:29PM -0400, Alex wrote:
> > Is this a FreeBSD specific FTP vulnerability?
> > 
> > -Alex
> > 
> > On Tue, 22 May 2001, Ryan wrote:
> > 
> > > There is an ftp vuln... I do not have any details on it sorry.. Some kinda
> > > overflow.. I would run proftpd
> 
> No-one has informed the security-officer about any new vulnerability
> in FreeBSD (or for that matter, about third party ftpd ports).  It's
> probably worthwhile not flying into a panic until someone actually
> provides some corroborating evidence.
> 

When I'v found this staff in my logfiles I'v change native ftpd to luke's
one. Sorry, can't get core to you... And don't want to setup native daemon
to provide potential hole to someone.

May 16 15:50:34 ftp /kernel: pid 5272 (ftpd), uid 14: exited on signal 11
May 17 21:02:20 ftp /kernel: pid 11157 (ftpd), uid 14: exited on signal 11

Also I have one questtion: how to setup ftpd to allow it dumping core to
specified destination?

Bye,

Serg N. Voronkov

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message