From owner-freebsd-security  Tue Oct  3  2:10:11 2000
Delivered-To: freebsd-security@freebsd.org
Received: from homer.softweyr.com (bsdconspiracy.net [208.187.122.220])
	by hub.freebsd.org (Postfix) with ESMTP
	id F204337B66D; Tue,  3 Oct 2000 02:10:08 -0700 (PDT)
Received: from localhost
	([127.0.0.1] helo=softweyr.com ident=Fools trust ident!)
	by homer.softweyr.com with esmtp (Exim 3.16 #1)
	id 13gOEt-000PRb-00; Tue, 03 Oct 2000 03:19:56 -0600
Message-ID: <39D9A4BB.1DB621CD@softweyr.com>
Date: Tue, 03 Oct 2000 03:19:55 -0600
From: Wes Peters <wes@softweyr.com>
Organization: Softweyr LLC
X-Mailer: Mozilla 4.75 [en] (X11; U; FreeBSD 4.1-STABLE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Brett Glass <brett@lariat.org>
Cc: Kris Kennaway <kris@FreeBSD.org>,
	Alex Charalabidis <alex@wnm.net>,
	"Chris D . Faulhaber" <jedgar@fxp.org>, security@FreeBSD.org
Subject: Re: ftpd bug in FreeBSD through at least 3.4
References: <4.3.2.7.2.20001002125825.00de8f00@localhost>
	 <4.3.2.7.2.20001002123113.049344d0@localhost>
	 <Pine.BSF.4.21.0010021340020.90099-100000@earth.wnm.net>
	 <4.3.2.7.2.20001002125825.00de8f00@localhost> <4.3.2.7.2.20001002173916.046c16f0@localhost>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Brett Glass wrote:
> 
> At 03:39 PM 10/2/2000, Kris Kennaway wrote:
> 
> >No, I think your client is expanding the %s locally and sending the
> >junk to the server.
> 
> Kris:
> 
> I think you may be right here! The client may also be expanding the
> %s on the way BACK from the server. If this is the case, it is
> more serious because it means that a malicious server might be
> able to take over the client.

A packet trace would be helpful here.  I find ethereal to be quite an
agreeable tool.

-- 
            "Where am I, and what am I doing in this handbasket?"

Wes Peters                                                         Softweyr LLC
wes@softweyr.com                                           http://softweyr.com/

