From owner-freebsd-security Fri Mar 19 14:32: 4 1999 Delivered-To: freebsd-security@freebsd.org Received: from frmug.org (frmug-gw.frmug.org [193.56.58.252]) by hub.freebsd.org (Postfix) with ESMTP id 82D6415BC9 for ; Fri, 19 Mar 1999 14:31:50 -0800 (PST) (envelope-from roberto@keltia.freenix.fr) Received: (from uucp@localhost) by frmug.org (8.9.1/frmug-2.3/nospam) with UUCP id XAA03692 for freebsd-security@FreeBSD.ORG; Fri, 19 Mar 1999 23:31:30 +0100 (CET) (envelope-from roberto@keltia.freenix.fr) Received: by keltia.freenix.fr (Postfix, from userid 101) id C45DF87B6; Fri, 19 Mar 1999 23:10:53 +0100 (CET) Date: Fri, 19 Mar 1999 23:10:53 +0100 From: Ollivier Robert To: freebsd-security@FreeBSD.ORG Subject: Re: 3.1-RELEASE Message-ID: <19990319231053.A13596@keltia.freenix.fr> Mail-Followup-To: freebsd-security@FreeBSD.ORG References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii User-Agent: Mutt/0.95.3i In-Reply-To: ; from Harry M. Leitzell on Fri, Mar 19, 1999 at 01:49:20PM -0500 X-Operating-System: FreeBSD 4.0-CURRENT/ELF ctm#5130 AMD-K6 MMX @ 200 MHz Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org According to Harry M. Leitzell: > to install an ftp daemon, I ended up using the ports to install proftpd. > The only problem with this is that the ports collection installed pre1 > which has a known buffer overflow in it. Maybe I am wrong in assuming Look in the directory patches in /usr/ports/net/proftpd. You'll notice that a patch was added to close this hole. ---------------------------- revision 1.7 date: 1999/02/12 21:55:04; author: obrien; state: Exp; lines: +5 -1 add buffer overflow vulnerability reduction patch Submitted by: Michael ---------------------------- So the package you have is immune. I sent a diff to upgrade the port to pre2 but the package maintainer has an invalid address... -- Ollivier ROBERT -=- FreeBSD: The Power to Serve! -=- roberto@keltia.freenix.fr FreeBSD keltia.freenix.fr 4.0-CURRENT #70: Sat Feb 27 09:43:08 CET 1999 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message