From owner-freebsd-security Thu Sep 9 6:25:55 1999 Delivered-To: freebsd-security@freebsd.org Received: from relay.ucb.crimea.ua (relay.ucb.crimea.ua [212.110.138.1]) by hub.freebsd.org (Postfix) with ESMTP id 247FF14D4C for ; Thu, 9 Sep 1999 06:24:59 -0700 (PDT) (envelope-from ru@ucb.crimea.ua) Received: (from ru@localhost) by relay.ucb.crimea.ua (8.9.3/8.9.3/UCB) id QAA45393; Thu, 9 Sep 1999 16:22:56 +0300 (EEST) (envelope-from ru) Date: Thu, 9 Sep 1999 16:22:55 +0300 From: Ruslan Ermilov To: Bill Fink Cc: security@FreeBSD.ORG Subject: Re: FTP Vulnerability Message-ID: <19990909162255.A15548@relay.ucb.crimea.ua> Mail-Followup-To: Bill Fink , security@FreeBSD.ORG References: <51D35DCFD7B0D21189440040333985C0013853@exchange1.billfink.com.247.64.63.IN-ADDR.ARPA> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.3i In-Reply-To: <51D35DCFD7B0D21189440040333985C0013853@exchange1.billfink.com.247.64.63.IN-ADDR.ARPA>; from Bill Fink on Thu, Sep 09, 1999 at 09:03:01AM -0400 X-Operating-System: FreeBSD 3.2-STABLE i386 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, Sep 09, 1999 at 09:03:01AM -0400, Bill Fink wrote: > > > I truly apologize, I trust I'm overlooking something here. > > The advisory below states: > > >> Upgrade your wu-ftpd or proftpd > >> ports to the most recent versions > >> (any version after August 30, 1999 > >> is not impacted by this problem). > > I've visited the mirrors for the WUFTP site(s) looking for the versions > "after August 30" and there's NOTHING newer than MAY. > The versions we are talking about refer to the FreeBSD ports collection. Port of wu-ftpd (/usr/ports/net/wu-ftpd) has been upgraded to apply the following patch: ftp://ftp.wu-ftpd.org/pub/wu-ftpd/quickfixes/apply_to_2.5.0/mapped.path.overrun.patch Cheers, -- Ruslan Ermilov Sysadmin and DBA of the ru@ucb.crimea.ua United Commercial Bank, ru@FreeBSD.org FreeBSD committer, +380.652.247.647 Simferopol, Ukraine http://www.FreeBSD.org The Power To Serve http://www.oracle.com Enabling The Information Age To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message