Date: Tue, 9 Feb 1999 15:29:32 -0800 (PST) From: Matthew Dillon <dillon@apollo.backplane.com> To: Igor Roshchin <igor@physics.uiuc.edu> Cc: security@FreeBSD.ORG Subject: Re: Netect Advisory: palmetto.ftpd - remote root overflow (fwd) Message-ID: <199902092329.PAA61825@apollo.backplane.com> References: <199902092244.QAA27931@alecto.physics.uiuc.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
Here is an excerpt from the VR10 patch: + A recent discussion on BUGTRAQ pointed out a buffer-overrun in the realpath + function. Bernard imported the FreeBSD realpath() function to correct this + error. This closes Stan's TODO item 1. This infers that FreeBSD's realpath() function does not have a buffer overflow problem. I've looked at the code, and it appears to not have a buffer overflow problem. -Matt :This advisory posted to the BUGTRAQ does not mention FreeBSD. : :I wonder if the FreeBSD's patches fix this vulnerability, :and if so, what was the "turn point" date. : :Thanks, : :Igor :... : :% wu-ftpd : : Current version: 2.4.2 (beta 18), unknown release date. : All versions through 2.4.2 (beta 18): vulnerability dependant upon :.. : : % wu-ftpd VR series : : Current version: 2.4.2 (beta 18) VR12, released January 1, 1999. : All versions prior to 2.4.2 (beta 18) VR10: vulnerable. : Fix: incorporated into VR10, released November 1, 1998. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199902092329.PAA61825>