Date: Sat, 1 Dec 2001 14:05:15 -0500 (EST) From: Igor Roshchin <str@giganda.komkon.org> To: freebsd-security@FreeBSD.ORG, kheuer@gwdu60.gwdg.de, venglin@freebsd.lublin.pl Subject: Re: ISSalert: ISS Security Alert: WU-FTPD Heap Corruption Vulnerability (fwd) Message-ID: <200112011905.fB1J5Fu12216@giganda.komkon.org> In-Reply-To: <200112011125.fB1BPjf74314@mailhost.freebsd.lublin.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
> From: Przemyslaw Frasunek <venglin@freebsd.lublin.pl> > Date: Sat, 1 Dec 2001 12:25:44 +0100 > > On Friday 30 November 2001 09:53, Konrad Heuer wrote: > > Any opinions whether wu-ftpd on FreeBSD is vulnerable too? To my mind, it > > seems so. > > actually, wu-ftpd on FreeBSD is vulnerable, but phk-malloc design prevents > from exploiting this. typical scenario of exploitation on linux box is: > Actually, ;-) AFAICT, the wu-ftpd port has been patched by the maintainer (ache). AFAICT, Patches from Wu-FTPD were incorporated. In any case, thanks Przemyslaw for the detailed analysis. Igor To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200112011905.fB1J5Fu12216>