From owner-freebsd-security@FreeBSD.ORG Tue Aug 17 18:47:35 2004
Return-Path:
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
    by hub.freebsd.org (Postfix) with ESMTP id EDCFB16A4CE
    for ; Tue, 17 Aug 2004 18:47:35 +0000 (GMT)
Received: from gw.celabo.org (gw.celabo.org [208.42.49.153])
    by mx1.FreeBSD.org (Postfix) with ESMTP id 94F6443D39
    for ; Tue, 17 Aug 2004 18:47:35 +0000 (GMT)
    (envelope-from nectar@celabo.org)
Received: from madman.celabo.org (madman.celabo.org [10.0.1.111])
    (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))verified))
    by gw.celabo.org (Postfix) with ESMTP id 216BA5485D
    for ; Tue, 17 Aug 2004 13:47:35 -0500 (CDT)
Received: by madman.celabo.org (Postfix, from userid 1001)
    id 8CA406D452; Tue, 17 Aug 2004 13:47:25 -0500 (CDT)
Date: Tue, 17 Aug 2004 13:47:25 -0500
From: "Jacques A. Vidrine"
To: freebsd-security@freebsd.org
Message-ID: <20040817184725.GE46244@madman.celabo.org>
Mail-Followup-To: "Jacques A. Vidrine" , freebsd-security@freebsd.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Url: http://www.celabo.org/
User-Agent: Mutt/1.5.6i
Subject: remotely exploitable vulnerability in lukemftpd / tnftpd
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Tue, 17 Aug 2004 18:47:36 -0000

Hi Everyone,

http://vuxml.freebsd.org/c4b025bb-f05d-11d8-9837-000c41e2cdad.html

A critical vulnerability was found in lukemftpd, which shipped with some FreeBSD versions (4.7 and later). However, with the exception of FreeBSD 4.7, lukemftpd was not built and installed by default. So, unless you are running FreeBSD 4.7-RELEASE or specified WANT_LUKEMFTP when building FreeBSD from source, you should not have lukemftpd installed. Even in FreeBSD 4.7, lukemftpd was installed but not enabled.

More details will be available in a FreeBSD advisory to follow.

Cheers,
--
Jacques Vidrine / nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org