From owner-freebsd-security Mon Apr 16 2:27:13 2001 Delivered-To: freebsd-security@freebsd.org Received: from yeti.ismedia.pl (yeti.ismedia.pl [212.182.96.18]) by hub.freebsd.org (Postfix) with SMTP id BC72037B449 for ; Mon, 16 Apr 2001 02:27:09 -0700 (PDT) (envelope-from venglin@freebsd.lublin.pl) Received: (qmail 35487 invoked from network); 16 Apr 2001 09:27:02 -0000 Received: from unknown (HELO lagoon.freebsd.lublin.pl) (212.182.115.11) by 0 with SMTP; 16 Apr 2001 09:27:02 -0000 Received: (qmail 15588 invoked from network); 16 Apr 2001 09:27:02 -0000 Received: from unknown (HELO riget.scene.pl) () by 0 with SMTP; 16 Apr 2001 09:27:02 -0000 Received: (qmail 15585 invoked by uid 1001); 16 Apr 2001 09:27:02 -0000 Date: Mon, 16 Apr 2001 11:27:02 +0200 From: Przemyslaw Frasunek To: security@freebsd.org Subject: Re: (fwd) Remote BSD ftpd glob exploit Message-ID: <20010416112702.W700@riget.scene.pl> References: <20010416121606.A11997@dnepr.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010416121606.A11997@dnepr.net>; from land@dnepr.net on Mon, Apr 16, 2001 at 12:16:07PM +0300 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, Apr 16, 2001 at 12:16:07PM +0300, land@dnepr.net wrote: > Does exploit work on 4.1-RELEASE or 4-STABLE ? Yes, it will work on 4.1.1-RELEASE and 4.2-STABLE before correction date (29 March). My version of exploit was tested on my 4.2-STABLE: http://www.frasunek.com/sources/security/ftpd-bsd.pl -- * Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NIC-HDL: PMF9-RIPE * * Inet: przemyslaw@frasunek.com ** PGP: D48684904685DF43EA93AFA13BE170BF * To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message