Skip site navigation (1)Skip section navigation (2) 
From:      Anton Vladimirov <admin128@mail.ru>
To:        security@freebsd.org
Subject:   ftp vulnerability
Message-ID:  <15739596567.20010411131004@mail.ru>
next in thread | raw e-mail | index | archive | help 
Hello security,

  I run FreeBSD 4.0-RELEASE with all security patches applied.
  Could anyone clearly explain how to fix the recent
  ftpd hole for this version?

  I downloaded the sources of ftpd from the 4.2-CURRENT
  release, but how to install it?

  I do the following:
=============================================
bash-2.03# make depend
yacc  -o ftpcmd.c ftpcmd.y
yacc: w - the symbol ext_arg is undefined
rm -f .depend
mkdep -f .depend -a    -DSETPROCTITLE -DSKEY -DLOGIN_CAP -DVIRTUAL_HOSTING -DINET6 -I/usr/src/libexec/ftpd -Dmain=ls_main -I/usr/src/libexec/c
cd /usr/src/libexec/ftpd; make _EXTRADEPEND
echo ftpd: /usr/lib/libc.a /usr/lib/libskey.a /usr/lib/libmd.a /usr/lib/libcrypt.a /usr/lib/libutil.a /usr/lib/libpam.a >> .depend
bash-2.03# make
Warning: Object directory not changed from original /usr/src/libexec/ftpd
cc -O -pipe -DSETPROCTITLE -DSKEY -DLOGIN_CAP -DVIRTUAL_HOSTING -Wall -DINET6 -I/usr/src/libexec/ftpd -Dmain=ls_main -I/usr/src/libexec/ftpd/c
ftpd.c: In function `send_file_list':
ftpd.c:2673: `GLOB_MAXPATH' undeclared (first use in this function)
ftpd.c:2673: (Each undeclared identifier is reported only once
ftpd.c:2673: for each function it appears in.)
ftpd.c:2662: warning: variable `dout' might be clobbered by `longjmp' or `vfork'
ftpd.c:2663: warning: variable `dirlist' might be clobbered by `longjmp' or `vfork'
ftpd.c:2664: warning: variable `simple' might be clobbered by `longjmp' or `vfork'
ftpd.c:2665: warning: variable `freeglob' might be clobbered by `longjmp' or `vfork'
*** Error code 1

Stop in /usr/src/libexec/ftpd.
==================================================

Where am I mistaken?
  

-- 
Best regards,
 Anton                          mailto:admin128@mail.ru



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?15739596567.20010411131004>