From owner-freebsd-security Thu Sep 9 12:19: 6 1999
Delivered-To: freebsd-security@freebsd.org
Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 2043B14FC5 for ; Thu, 9 Sep 1999 12:19:03 -0700 (PDT) (envelope-from imp@harmony.village.org)
Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id NAA50548; Thu, 9 Sep 1999 13:18:01 -0600 (MDT) (envelope-from imp@harmony.village.org)
Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id NAA30788; Thu, 9 Sep 1999 13:17:52 -0600 (MDT)
Message-Id: <199909091917.NAA30788@harmony.village.org>
To: Ruslan Ermilov
Subject: Re: FTP Vulnerability
Cc: "Rashid N. Achilov" , Bill Fink , security@FreeBSD.ORG
In-reply-to: Your message of "Thu, 09 Sep 1999 17:09:40 +0300." <19990909170940.B51179@relay.ucb.crimea.ua>
References: <19990909170940.B51179@relay.ucb.crimea.ua> <19990909162255.A15548@relay.ucb.crimea.ua>
Date: Thu, 09 Sep 1999 13:17:52 -0600
From: Warner Losh
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----

In message <19990909170940.B51179@relay.ucb.crimea.ua> Ruslan Ermilov writes:
: Grr... Advisory refers to version of the FreeBSD port after 1999/08/30:

Let me also explicitly state that the security officer's policy is to only support the FreeBSD ports tree for "re-issue" advisories. This is a recent change and I'm trying to figure out the exact parameters of the change, so feedback would be helpful.

At the moment, if you aren't using ports for things like wu-ftpd, then you are on your own for doing research to see what you need to do to your, potentially random, system to make sure that it is not vulnerable.

I reread the advisory and will be the first to admit that it wasn't the clearest advisory that I'd written in this area.
In the future I'll try to make sure that I state this explicitly and clearly. Something like

    The wu-ftpd FreeBSD port in /usr/ports/ftp/wu-ftpd has been upgraded on August 30, 1999 to incorporate changes recommended by the wu-ftpd development team to eliminate a potential vulnerability that would allow remote users to gain root. You are strongly urged to upgrade /usr/ports/ftp/wu-ftpd to a version newer than that date, rebuild and reinstall wu-ftpd to eliminate this weakness on your system.

Warner