From owner-freebsd-security Fri Sep 10 21:28:23 1999 Delivered-To: freebsd-security@freebsd.org Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by hub.freebsd.org (Postfix) with ESMTP id 1A68614C27 for ; Fri, 10 Sep 1999 21:28:21 -0700 (PDT) (envelope-from wollman@khavrinen.lcs.mit.edu) Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.9.3/8.9.3) id AAA82809; Sat, 11 Sep 1999 00:28:18 -0400 (EDT) (envelope-from wollman) Date: Sat, 11 Sep 1999 00:28:18 -0400 (EDT) From: Garrett Wollman Message-Id: <199909110428.AAA82809@khavrinen.lcs.mit.edu> To: Warner Losh Cc: Michael Grommet , "'freebsd-security@freebsd.org'" Subject: Re: Concerning Latest FTPD exploit: FreeBSD Security Advisory: FreeBS D-SA-99:03.ftpd In-Reply-To: <199909110418.WAA12288@harmony.village.org> References: <7011ACE3864AD31183E50008C7FA081F01D4C2@ISIMAIN> <199909110418.WAA12288@harmony.village.org> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org < said: > -----BEGIN PGP SIGNED MESSAGE----- > : Am I correct in my assumtion that this is _not_ exploitable on the standard > : ftpd that installs > : with freebsd 2.2.8 - 3.2 - Stable? > No. You are not correct to assume that. As far as I know, both of > the FTP servers are exploitable, for different reasons. Wu-ftpd is > exploitable back to the dawn of time, if I read the commentary about > wu-ftpd right. You mis-read the question. /usr/libexec/ftpd is not vulnerable -- wu-ftpd branched off the Berkeley main-line long before FreeBSD even existed, and the problem `feature' was a wu-ftpd addition. -GAWollman -- Garrett A. Wollman | O Siem / We are all family / O Siem / We're all the same wollman@lcs.mit.edu | O Siem / The fires of freedom Opinions not those of| Dance in the burning flame MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message