From owner-freebsd-security Fri Sep 10 21:19:29 1999 Delivered-To: freebsd-security@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id B1DF914C1F for ; Fri, 10 Sep 1999 21:19:23 -0700 (PDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id WAA55382; Fri, 10 Sep 1999 22:19:21 -0600 (MDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id WAA12288; Fri, 10 Sep 1999 22:18:30 -0600 (MDT) Message-Id: <199909110418.WAA12288@harmony.village.org> To: Michael Grommet Subject: Re: Concerning Latest FTPD exploit: FreeBSD Security Advisory: FreeBS D-SA-99:03.ftpd Cc: "'freebsd-security@freebsd.org'" In-reply-to: Your message of "Thu, 09 Sep 1999 08:20:46 CDT." <7011ACE3864AD31183E50008C7FA081F01D4C2@ISIMAIN> References: <7011ACE3864AD31183E50008C7FA081F01D4C2@ISIMAIN> Date: Fri, 10 Sep 1999 22:18:30 -0600 From: Warner Losh Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- In message <7011ACE3864AD31183E50008C7FA081F01D4C2@ISIMAIN> Michael Grommet writes: : Am I correct in my assumtion that this is _not_ exploitable on the standard : ftpd that installs : with freebsd 2.2.8 - 3.2 - Stable? No. You are not correct to assume that. As far as I know, both of the FTP servers are exploitable, for different reasons. Wu-ftpd is exploitable back to the dawn of time, if I read the commentary about wu-ftpd right. Warner -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia Charset: noconv Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface iQCVAwUBN9nYFdxynu/2qPVhAQGOdgP8DuGSKHQAdypnP8IAq4uA3abAG+LeqnvP sS+VjtS49YicY3cIS/1seafX3GnRCzx641ZOaWJIQHS3JCrg0X4smvArCpw+NAHt +NzEqVi4IFkyMlcNsVr1HKZuPr3w4qRRX+qPGfuxjOwLOBTlJ1EpAwxzsuPMZV5k PpO6bcLG8M0= =vRmm -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message