From owner-freebsd-bugs Fri Apr 20 3:10: 9 2001
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 2803037B43C
	for ; Fri, 20 Apr 2001 03:10:06 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.11.1/8.11.1) id f3KAA6883192;
	Fri, 20 Apr 2001 03:10:06 -0700 (PDT)
	(envelope-from gnats)
Date: Fri, 20 Apr 2001 03:10:06 -0700 (PDT)
Message-Id: <200104201010.f3KAA6883192@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
Cc:
From: "Sergey N. Voronkov"
Subject: Re: misc/26727: glob() function bug in ftpd daemon: what is its status in v2.2.7 and v3.4
Reply-To: "Sergey N. Voronkov"
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

The following reply was made to PR misc/26727; it has been noted by GNATS.

From: "Sergey N. Voronkov"
To: paulchef@starwon.com.au
Cc: freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: misc/26727: glob() function bug in ftpd daemon: what is its status in v2.2.7 and v3.4
Date: Fri, 20 Apr 2001 16:05:48 +0600

On Fri, Apr 20, 2001 at 02:02:21AM -0700, paulchef@starwon.com.au wrote:
> FreeBSD zeus.starwon.com.au 2.2.7-RELEASE FreeBSD 2.2.7-RELEASE #0: Mon Jul 31 1
> 1:25:57 WST 2000 louis@zeus.starwon.com.au:/usr/src/sys/compile/ZEUS i386
> zeus %
> >Description:
> COVERT labs at PGP security have found a bug in the glob function
> for ftpd. You have said this will be fixed in v4.2. We are running
> v2.2.7 and v3.4 very nicely here. Is the glob() problem happening in
> those two versions. I also believe from reading the notes that this

Sure.

> is not a problem in the FTPD daemon but in the actual system glob()
> function. Shame on you guys for not separating data and code into
> different segments like (excuse me) Windows does?
>

Upgrade your systems to at least 3.5.1-STABLE or you can try to port this
patch to your system by hand... if you like it.
(If you see the page ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/ you
can find many more security holes related to your systems. So, please think
twice before porting patches.)

Serg N. Voronkov.