Date: Tue, 3 Oct 2000 12:20:20 +0700 (NSS)
From: Max Khon
To: Neil Blakey-Milner
Cc: Brett Glass, "Chris D . Faulhaber", security@FreeBSD.ORG
Subject: Re: ftpd bug in FreeBSD through at least 3.4
In-Reply-To: <20001002204526.A58098@mithrandr.moria.org>

hi, there!

On Mon, 2 Oct 2000, Neil Blakey-Milner wrote:

> > >The system's ftp daemon or wu-ftpd? The ftp daemons installed with 3.5.1
> > >and 4.1[.1] don't seem affected.
> >
> > It DEFINITELY works on FreeBSD's own ftpd in 3.4-RELEASE and all 2.x versions
> > I have tested.
>
> This is quite cute:
>
> (nbm@futon) /home/nbm> ftp 127.0.0.1
> Connected to 127.0.0.1.
> 220 futon.sunesi.com FTP server (Version 6.00) ready.
> Name (127.0.0.1:nbm): ftp
> 331 Guest login ok, send your email address as password.
> Password:
> 230 Guest login ok, access restrictions apply.
> Remote system type is UNIX.
> Using binary mode to transfer files.
> ftp> quote %s%s%s%s
> Segmentation fault
>
> As in, it crashes the ftp client.
>
> A 4.0 ftp client connecting to 'futon' (a 3.3 machine):
>
> (nbm@couch) /home/nbm> ftp futon
> Connected to futon.sunesi.com.
> 220 futon.sunesi.com FTP server (Version 6.00) ready.
> Name (futon.sunesi.com:nbm): ftp
> 331 Guest login ok, send your email address as password.
> Password:
> 230 Guest login ok, access restrictions apply.
> Remote system type is UNIX.
> Using binary mode to transfer files.
> ftp> quot %s%s%s%s
> 500 '%S%S%S%S': command not understood.
>
> A 3.4 ftp client to 'futon' also segfaults. The ftp server doesn't
> segfault in the cases I've tried.

this was fixed in HEAD, RELENG_4 and RELENG_3 on Jun 23 2000
(cmds.c 1.17, 1.16.2.1 and 1.14.2.3)

/fjoe
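Added example, not part of the original message and not FreeBSD's cmds.c: the thread does not show the fix, so this assumes the client crash comes from the typed `quote` argument being handed to a printf-style routine as its format string. The names `send_command`, `quote_unsafe`, `quote_safe` and `count_conversions` are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a client routine that builds a control-channel
 * command printf-style. Here it formats into a buffer instead of a socket. */
static int send_command(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    return n;
}

/* Unsafe pattern (assumed root cause): the typed text IS the format, so every
 * %s makes vsnprintf fetch a pointer argument that was never passed.
 * Shown for comparison only; never called in this example. */
int quote_unsafe(char *out, size_t outlen, const char *typed)
{
    return send_command(out, outlen, typed);
}

/* Hardened pattern: constant format, typed text is only ever data. */
int quote_safe(char *out, size_t outlen, const char *typed)
{
    return send_command(out, outlen, "%s", typed);
}

/* Review/triage helper: count conversion specifications in a string that is
 * about to be used as a format. "%%" is a literal percent and is skipped. */
int count_conversions(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%')
            s++;
        else
            n++;
    }
    return n;
}

int main(void)
{
    char buf[64];
    const char *typed = "%s%s%s%s";  /* the input from the transcript */
    quote_safe(buf, sizeof buf, typed);
    printf("sent: %s (conversions in input: %d)\n", buf, count_conversions(typed));
    return 0;
}
```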