Date:      Tue, 9 Feb 1999 15:29:32 -0800 (PST)
From:      Matthew Dillon <dillon@apollo.backplane.com>
To:        Igor Roshchin <igor@physics.uiuc.edu>
Cc:        security@FreeBSD.ORG
Subject:   Re: Netect Advisory: palmetto.ftpd - remote root overflow (fwd)
Message-ID:  <199902092329.PAA61825@apollo.backplane.com>
References:   <199902092244.QAA27931@alecto.physics.uiuc.edu>

    Here is an excerpt from the VR10 patch:

+ A recent discussion on BUGTRAQ pointed out a buffer-overrun in the realpath
+ function.  Bernard imported the FreeBSD realpath() function to correct this
+ error.  This closes Stan's TODO item 1.
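Review bot: The added changelog text names neither the BUGTRAQ thread nor which FreeBSD revision of realpath() was imported. Citing both in this entry would let a reader confirm which fix is actually in the tree, and would make it possible to track later changes to the FreeBSD source.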

    This infers that FreeBSD's realpath() function does not have a buffer
    overflow problem.  I've looked at the code, and it appears to not have
    a buffer overflow problem.

    					-Matt


:This advisory posted to BUGTRAQ does not mention FreeBSD.
:
:I wonder if FreeBSD's patches fix this vulnerability,
:and if so, what was the "turn point" date.
:
:Thanks,
:
:Igor
:...
:
:% wu-ftpd
:
:  Current version: 2.4.2 (beta 18), unknown release date.
:  All versions through 2.4.2 (beta 18): vulnerability dependent upon
:..
:
:  % wu-ftpd VR series
:
:    Current version: 2.4.2 (beta 18) VR12, released January 1, 1999.
:    All versions prior to 2.4.2 (beta 18) VR10: vulnerable.
:    Fix: incorporated into VR10, released November 1, 1998.
