From owner-freebsd-security Mon Oct 2 14:39:21 2000 Delivered-To: freebsd-security@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 65A6037B503; Mon, 2 Oct 2000 14:39:17 -0700 (PDT) Received: (from kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id OAA29594; Mon, 2 Oct 2000 14:39:17 -0700 (PDT) (envelope-from kris@FreeBSD.org) Date: Mon, 2 Oct 2000 14:39:17 -0700 From: Kris Kennaway To: Brett Glass Cc: Alex Charalabidis , "Chris D . Faulhaber" , security@FreeBSD.ORG Subject: Re: ftpd bug in FreeBSD through at least 3.4 Message-ID: <20001002143917.B22329@freefall.freebsd.org> References: <4.3.2.7.2.20001002123113.049344d0@localhost> <4.3.2.7.2.20001002125825.00de8f00@localhost> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit User-Agent: Mutt/1.2.5i In-Reply-To: <4.3.2.7.2.20001002125825.00de8f00@localhost>; from brett@lariat.org on Mon, Oct 02, 2000 at 01:28:39PM -0600 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, Oct 02, 2000 at 01:28:39PM -0600, Brett Glass wrote: > At 12:51 PM 10/2/2000, Alex Charalabidis wrote: > ftp> quote %s%s%s%s%s > 500 '+H|X++_YX++|¶QUOTE %s%s%s%s%s(null)%s%s%s%s%s': command not understood. > > This means that while the FreeBSD FTP client crashed (and generated the segfault > message), the server did not crash. However, there's still junk in the message > sent back by the server, which indicates that I may be getting at the stack > here. No, I think your client is expanding the %s locally and sending the junk to the server. Kris -- In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message