From owner-freebsd-security Sat Dec 1 11: 5:21 2001
Delivered-To: freebsd-security@freebsd.org
Received: from giganda.komkon.org (giganda.komkon.org [209.125.17.66])
	by hub.freebsd.org (Postfix) with ESMTP id C949B37B405
	for ; Sat, 1 Dec 2001 11:05:18 -0800 (PST)
Received: (from str@localhost)
	by giganda.komkon.org (8.11.3/8.11.3) id fB1J5Fu12216;
	Sat, 1 Dec 2001 14:05:15 -0500 (EST)
	(envelope-from str)
Date: Sat, 1 Dec 2001 14:05:15 -0500 (EST)
From: Igor Roshchin
Message-Id: <200112011905.fB1J5Fu12216@giganda.komkon.org>
To: freebsd-security@FreeBSD.ORG, kheuer@gwdu60.gwdg.de, venglin@freebsd.lublin.pl
Subject: Re: ISSalert: ISS Security Alert: WU-FTPD Heap Corruption Vulnerability (fwd)
In-Reply-To: <200112011125.fB1BPjf74314@mailhost.freebsd.lublin.pl>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-Archive: (Web Archive)
List-Help: (List Instructions)
X-Loop: FreeBSD.org

> From: Przemyslaw Frasunek
> Date: Sat, 1 Dec 2001 12:25:44 +0100
>
> On Friday 30 November 2001 09:53, Konrad Heuer wrote:
> > Any opinions whether wu-ftpd on FreeBSD is vulnerable too? To my mind, it
> > seems so.
>
> actually, wu-ftpd on FreeBSD is vulnerable, but phk-malloc design prevents
> from exploiting this. typical scenario of exploitation on linux box is:
>

Actually, ;-)
AFAICT, the wu-ftpd port has been patched by the maintainer (ache).
AFAICT, Patches from Wu-FTPD were incorporated.

In any case, thanks Przemyslaw for the detailed analysis.

Igor

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message