Date: Sun, 25 Jun 2000 01:40:47 -0500 (CDT) From: Mike Silbersack <silby@silby.com> To: Koga Youichirou <y-koga@jp.FreeBSD.org> Cc: wollman@khavrinen.lcs.mit.edu, freebsd-security@FreeBSD.ORG Subject: Re: Fwd: WuFTPD: Providing *remote* root since at least1994 Message-ID: <Pine.BSF.4.21.0006250135210.24262-100000@achilles.silby.com> In-Reply-To: <20000624013253.13473.qmail@smtp.246.ne.jp>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 24 Jun 2000, Koga Youichirou wrote: > Garrett Wollman <wollman@khavrinen.lcs.mit.edu>: > > Here's a patch (mangled by cut&paste) which hacks around the problem. > > Debian team has already released a fixed package. > A patch is available from: > > http://security.debian.org/dists/potato/updates/main/source/wu-ftpd_2.6.0-5.1.diff.gz > > Then I checked it and I found that there are some other undesirable > codes in ftpd.c. Probably these codes do not lead to security flaw, > but I think that they should be corrected. I'm sure that's what the people who fixed the last set of bugs in wuftpd said when they came upon the bugs which comprise the current vuln. (But decided not to fix them.) Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0006250135210.24262-100000>