From owner-freebsd-bugs  Sun Feb  4  1:40:23 2001
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 2278837B401
	for <freebsd-bugs@hub.freebsd.org>; Sun,  4 Feb 2001 01:40:03 -0800 (PST)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.11.1/8.11.1) id f149e3t95195;
	Sun, 4 Feb 2001 01:40:03 -0800 (PST)
	(envelope-from gnats)
Date: Sun, 4 Feb 2001 01:40:03 -0800 (PST)
Message-Id: <200102040940.f149e3t95195@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
Cc: 
From: Kris Kennaway <kris@obsecurity.org>
Subject: Re: bin/24810: kerberosIV and heimdal ftpd is vulnerable to buffer overflow
Reply-To: Kris Kennaway <kris@obsecurity.org>
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

The following reply was made to PR bin/24810; it has been noted by GNATS.

From: Kris Kennaway <kris@obsecurity.org>
To: venglin@freebsd.lublin.pl
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: bin/24810: kerberosIV and heimdal ftpd is vulnerable to buffer overflow
Date: Sun, 4 Feb 2001 01:39:05 -0800

 --4Ckj6UjgE2iN1+kY
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: inline
 
 On Fri, Feb 02, 2001 at 11:28:35PM +0000, venglin@freebsd.lublin.pl wrote:
 
 > 	KTH Kerberos5 and KerberosIV ftpd is vulnerable to strtok() based
 > 	stack overflow.
 
 Thanks, but AFAIK we don't compile this code.
 
 Kris
 
 --4Ckj6UjgE2iN1+kY
 Content-Type: application/pgp-signature
 Content-Disposition: inline
 
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.0.4 (FreeBSD)
 Comment: For info see http://www.gnupg.org
 
 iD8DBQE6fSM5Wry0BWjoQKURAhG8AJ9nuSYfUiKWcN4w9HFPwV43FtSn6ACgug2j
 8yxlObhEEeae513sZ/J8BIs=
 =hhn3
 -----END PGP SIGNATURE-----
 
 --4Ckj6UjgE2iN1+kY--
 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message