From owner-freebsd-security@FreeBSD.ORG  Tue Aug 17 18:47:35 2004
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id EDCFB16A4CE
	for <freebsd-security@freebsd.org>;
	Tue, 17 Aug 2004 18:47:35 +0000 (GMT)
Received: from gw.celabo.org (gw.celabo.org [208.42.49.153])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 94F6443D39
	for <freebsd-security@freebsd.org>;
	Tue, 17 Aug 2004 18:47:35 +0000 (GMT)
	(envelope-from nectar@celabo.org)
Received: from madman.celabo.org (madman.celabo.org [10.0.1.111])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))verified))
	by gw.celabo.org (Postfix) with ESMTP id 216BA5485D
	for <freebsd-security@freebsd.org>;
	Tue, 17 Aug 2004 13:47:35 -0500 (CDT)
Received: by madman.celabo.org (Postfix, from userid 1001)
	id 8CA406D452; Tue, 17 Aug 2004 13:47:25 -0500 (CDT)
Date: Tue, 17 Aug 2004 13:47:25 -0500
From: "Jacques A. Vidrine" <nectar@FreeBSD.org>
To: freebsd-security@freebsd.org
Message-ID: <20040817184725.GE46244@madman.celabo.org>
Mail-Followup-To: "Jacques A. Vidrine" <nectar@FreeBSD.org>,
	freebsd-security@freebsd.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Url: http://www.celabo.org/
User-Agent: Mutt/1.5.6i
Subject: remotely exploitable vulnerability in lukemftpd / tnftpd
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Aug 2004 18:47:36 -0000

Hi Everyone,

http://vuxml.freebsd.org/c4b025bb-f05d-11d8-9837-000c41e2cdad.html

A critical vulnerability was found in lukemftpd, which shipped with some
FreeBSD versions (4.7 and later).  However, with the exception of
FreeBSD 4.7, lukemftpd was not built and installed by default.  So,
unless you are running FreeBSD 4.7-RELEASE or specified WANT_LUKEMFTP
when building FreeBSD from source, you should not have lukemftpd
installed.

Even in FreeBSD 4.7, lukemftpd was installed but not enabled.

More details will be available in a FreeBSD advisory to follow.

Cheers,
-- 
Jacques Vidrine / nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org