From owner-freebsd-security Tue Oct 3 7: 2:39 2000 Delivered-To: freebsd-security@freebsd.org Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44]) by hub.freebsd.org (Postfix) with ESMTP id 2F48D37B66C for ; Tue, 3 Oct 2000 07:02:31 -0700 (PDT) Received: (from daemon@localhost) by point.osg.gov.bc.ca (8.8.7/8.8.8) id HAA06538; Tue, 3 Oct 2000 07:01:16 -0700 Received: from passer.osg.gov.bc.ca(142.32.110.29) via SMTP by point.osg.gov.bc.ca, id smtpda06536; Tue Oct 3 07:01:14 2000 Received: (from uucp@localhost) by passer.osg.gov.bc.ca (8.11.0/8.9.1) id e93E1Ex00927; Tue, 3 Oct 2000 07:01:14 -0700 (PDT) Received: from cwsys9.cwsent.com(10.2.2.1), claiming to be "cwsys.cwsent.com" via SMTP by passer9.cwsent.com, id smtpdFHn919; Tue Oct 3 07:00:42 2000 Received: (from uucp@localhost) by cwsys.cwsent.com (8.11.0/8.9.1) id e93E0fZ11189; Tue, 3 Oct 2000 07:00:41 -0700 (PDT) Message-Id: <200010031400.e93E0fZ11189@cwsys.cwsent.com> Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys" via SMTP by localhost.cwsent.com, id smtpdq11185; Tue Oct 3 07:00:10 2000 X-Mailer: exmh version 2.1.1 10/15/1999 Reply-To: Cy Schubert - ITSD Open Systems Group From: Cy Schubert - ITSD Open Systems Group X-OS: FreeBSD 4.1-RELEASE X-Sender: cy To: Brett Glass Cc: Fernando Schapachnik , security@FreeBSD.ORG Subject: Re: ftpd bug in FreeBSD through at least 3.4 In-reply-to: Your message of "Mon, 02 Oct 2000 12:30:08 MDT." <4.3.2.7.2.20001002122853.04b25e00@localhost> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Mime-Version: 1.0 Content-Transfer-Encoding: quoted-printable Date: Tue, 03 Oct 2000 07:00:10 -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Brett, send me the exploit and I will confirm it on some 4.x boxen for = you. Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Team Leader, Sun/DEC Team Internet: Cy.Schubert@osg.gov.bc.ca Open Systems Group, ITSD, ISTA Province of BC In message <4.3.2.7.2.20001002122853.04b25e00@localhost>, Brett Glass = writes: > Fernando: > = > I did NOT make a mistake. It works in FreeBSD's own ftpd in = > FreeBSD 3.4 and earlier; maybe some later versions as well. > = > --Brett > = > At 12:24 PM 10/2/2000, Fernando Schapachnik wrote: > = > >This describes a bug in wu-ftp, not in BSD-ftpd. > > > >Please double check before scaring us all. > > > >Regards! > > > >En un mensaje anterior, Brett Glass escribi=F3: > >> I've received LOTS of anonymous FTP login attempts on the FreeBSD bo= xen > >> I administer, and have been wondering why. Perhaps this message expl= ains > >> it! The below works on all 2.x versions of FreeBSD, and in the 3.x b= ranch = > >> up until at least 3.4-RELEASE (maybe later). > >[...]] > >> >Connected to 1127.0.0.1. > >> >220 somewhere.in.internet FTP server (Version wu-2.6.1(1) Mon Jul 3= 10:49 > :59 > >> >EEST 2000) ready. > > > > > > > > > >Fernando P. Schapachnik > >Administraci=F3n de la red > >VIA NET.WORKS ARGENTINA S.A. > >fernando@via-net-works.net.ar > >(54-11) 4323-3333 > = > = > = > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message