From owner-freebsd-questions@FreeBSD.ORG  Thu Jul 31 11:18:34 2003
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7964337B401
	for <freebsd-questions@freebsd.org>;
	Thu, 31 Jul 2003 11:18:34 -0700 (PDT)
Received: from ns2.foolishgames.net (ns2.foolishgames.net [216.93.162.119])
	by mx1.FreeBSD.org (Postfix) with ESMTP id E9F7843F85
	for <freebsd-questions@freebsd.org>;
	Thu, 31 Jul 2003 11:18:33 -0700 (PDT)
	(envelope-from luke@foolishgames.com)
Received: from foolishgames.com (adsl-65-42-184-171.dsl.klmzmi.ameritech.net
	[65.42.184.171])	(authenticated bits=0)
	by ns2.foolishgames.net (8.12.9/8.12.9) with ESMTP id h6VIIQds035527
	for <freebsd-questions@freebsd.org>;
	Thu, 31 Jul 2003 11:18:27 -0700 (PDT)
	(envelope-from luke@foolishgames.com)
Date: Thu, 31 Jul 2003 14:18:25 -0400
Mime-Version: 1.0 (Apple Message framework v552)
Content-Type: text/plain; charset=US-ASCII; format=flowed
From: Lucas Holt <luke@foolishgames.com>
To: freebsd-questions@freebsd.org
Content-Transfer-Encoding: 7bit
Message-Id: <6041B5F2-C383-11D7-A62F-0030656DD690@foolishgames.com>
X-Mailer: Apple Mail (2.552)
Subject: WU FTPD
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Jul 2003 18:18:34 -0000

There was a vulnerability released today in wu ftpd and I'm unclear if 
this would affect the software running on a freebsd system.  It appears 
to cause problems on linux 2.4.x kernels but not older kernels due to 
the way the compiler works.  Does anyone know if this problem is 
exploitable on freebsd?  If not, where should I ask this question?

Here's the header included in the advisory with links.

Synopsis:	wu-ftpd fb_realpath() off-by-one bug
Product:	wu-ftpd
Version: 	2.5.0 <= 2.6.2
Vendor:		http://www.wuftpd.org/

URL:		http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt
CVE:            
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0466
Author:		Wojciech Purczynski <cliph@isec.pl>
		Janusz Niewiadomski <funkysh@isec.pl>
Date:		July 31, 2003


Lucas Holt
Luke@FoolishGames.com
________________________________________________________
FoolishGames.com  (Jewel Fan Site)
JustJournal.com (Free blogging)

"Only two things are infinite, the universe and human stupidity, and 
I'm not sure about the former."
- Albert Einstein (1879-1955)