Date: Thu, 31 Jul 2003 17:40:16 -0500 From: "Jacques A. Vidrine" <nectar@FreeBSD.org> To: John Fox <jjf@mind.net> Cc: freebsd-security@freebsd.org Subject: Re: Wu-ftpd FTP server contains remotely exploitable off-by-one bug Message-ID: <20030731224016.GA91355@madman.celabo.org> In-Reply-To: <20030731183553.GA85469@mind.net> References: <20030731183553.GA85469@mind.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Jul 31, 2003 at 11:35:53AM -0700, John Fox wrote: > Hello, > > I see in BugTraq that there's yet another problem with Wu-ftpd, but I see > no mention of it in the freebsd-security mailing list archives...I have > searched the indexes from all of June and July. > > Wu is pretty widely used, so I'm surprised that nobody seems to have > mentioned this problem in this forum. > > The notice on BugTraq mentioned only Linux, not FreeBSD, but that's no > reason to assume that FreeBSD machines aren't vulnerable, too. Which is > why I am confused as to the lack of discussion of this matter. > > Can anyone shed some light on this? Hmm. The issue was scheduled to be made public at 12:00 pm EDT today. Daniel Harris <dannyboy@FreeBSD.org> committed the fix to the FreeBSD Ports Collection around 12:07 pm EDT today. This issue will be rolled into the next FreeBSD Security Notice (probably Monday --- serious problems like this tend to `trigger' a notice). If you want to bitch at someone, bitch at the wu-ftpd.org guys for ignoring the reported bug for two months. Cheers, -- Jacques Vidrine . NTT/Verio SME . FreeBSD UNIX . Heimdal nectar@celabo.org . jvidrine@verio.net . nectar@freebsd.org . nectar@kth.se
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030731224016.GA91355>