Date: Fri, 20 Apr 2001 03:10:06 -0700 (PDT)
From: "Sergey N. Voronkov" <serg@tmn.ru>
To: freebsd-bugs@FreeBSD.org
Subject: Re: misc/26727: glob() function bug in ftpd daemon: what is its status in v2.2.7 and v3.4
Message-ID: <200104201010.f3KAA6883192@freefall.freebsd.org>

The following reply was made to PR misc/26727; it has been noted by GNATS.

From: "Sergey N. Voronkov" <serg@tmn.ru>
To: paulchef@starwon.com.au
Cc: freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: misc/26727: glob() function bug in ftpd daemon: what is its status in v2.2.7 and v3.4
Date: Fri, 20 Apr 2001 16:05:48 +0600

On Fri, Apr 20, 2001 at 02:02:21AM -0700, paulchef@starwon.com.au wrote:
> FreeBSD zeus.starwon.com.au 2.2.7-RELEASE FreeBSD 2.2.7-RELEASE #0: Mon Jul 31 1
> 1:25:57 WST 2000 louis@zeus.starwon.com.au:/usr/src/sys/compile/ZEUS i386
> zeus %
> >Description:
> COVERT labs at PGP security have found a bug in the glob function
> for ftpd. You have said this will be fixed in v4.2. We are running
> v2.2.7 and v3.4 very nicely here. Is the glob() problem happening in
> those two versions. I also believe from reading the notes that this

Sure.

> is not a problem in the FTPD daemon but in the actual system glob()
> function. Shame on you guys for not separating data and code into
> different segments like (excuse me) Windows does?
>

Upgrade your systems to at least 3.5.1-STABLE or you can try to port this
patch to your system by hand... if you like it.

(If you see the page ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/
you can find many more security holes related to your systems. So, please
think twice before porting patches.)

Serg N. Voronkov.