From owner-freebsd-test Wed Dec 11 7:55:10 2002 Delivered-To: freebsd-test@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 40B9437B401; Wed, 11 Dec 2002 07:55:09 -0800 (PST) Received: from bodb.mc.mpls.visi.com (bodb.mc.mpls.visi.com [208.42.156.104]) by mx1.FreeBSD.org (Postfix) with ESMTP id CF7D943ED1; Wed, 11 Dec 2002 07:55:08 -0800 (PST) (envelope-from hawkeyd@visi.com) Received: from sheol.localdomain (hawkeyd-fw.dsl.visi.com [208.42.101.193]) by bodb.mc.mpls.visi.com (Postfix) with ESMTP id 327A94D78; Wed, 11 Dec 2002 09:55:08 -0600 (CST) Received: (from hawkeyd@localhost) by sheol.localdomain (8.11.6/8.11.6) id gBBFt7G48546; Wed, 11 Dec 2002 09:55:07 -0600 (CST) (envelope-from hawkeyd) Date: Wed, 11 Dec 2002 09:55:07 -0600 From: D J Hawkey Jr To: freebsd-test@freebsd.org, postmaster@freebsd.org Subject: [hawkeyd@visi.com: IPFilter FTP proxy vulnerability?] Message-ID: <20021211095507.A48523@sheol.localdomain> Reply-To: hawkeyd@visi.com Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i Sender: owner-freebsd-test@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG ----- Forwarded message from D J Hawkey Jr ----- Date: Thu, 5 Dec 2002 19:54:49 -0600 From: D J Hawkey Jr To: security at FreeBSD Subject: IPFilter FTP proxy vulnerability? Reply-To: hawkeyd@visi.com User-Agent: Mutt/1.2.5.1i For background, please see ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2002-024.txt.asc Under FreeBSD-RELEASE-p23, in /usr/src/contrib/ipfilter/HISTORY, the version is "3.4.20 24/07/2001 - Released". The CVS repository, tag "All tags / default branch", in the same file, the version is "3.4.29 28/8/2002 - Released". Is FreeBSD's IPFilter vulnerable? As an aside, if any IPFilter versions from 3.4.21 through 3.4.29 were security updates, would there have been FreeBSD security notices, patches, and CVS updates on account of them? Thanks, Dave -- ______________________ ______________________ \__________________ \ D. J. HAWKEY JR. / __________________/ \________________/\ hawkeyd@visi.com /\________________/ http://www.visi.com/~hawkeyd/ ----- End forwarded message ----- Dave -- ______________________ ______________________ \__________________ \ D. J. HAWKEY JR. / __________________/ \________________/\ hawkeyd@visi.com /\________________/ http://www.visi.com/~hawkeyd/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-test" in the body of the message