From owner-freebsd-security Mon Apr 26 8:41:17 1999 Delivered-To: freebsd-security@freebsd.org Received: from ns1.sminter.com.ar (ns1.sminter.com.ar [200.10.100.10]) by hub.freebsd.org (Postfix) with ESMTP id C6B211520A for ; Mon, 26 Apr 1999 08:41:09 -0700 (PDT) (envelope-from fpscha@ns1.sminter.com.ar) Received: (from fpscha@localhost) by ns1.sminter.com.ar (8.8.5/8.8.4) id MAA23971; Mon, 26 Apr 1999 12:40:59 -0300 (GMT) From: Fernando Schapachnik Message-Id: <199904261540.MAA23971@ns1.sminter.com.ar> Subject: Re: wu-ftpd: is there a vulnerability ? (was: Re: limit ftp users to their homedir) In-Reply-To: <199904261529.KAA17354@alecto.physics.uiuc.edu> from Igor Roshchin at "Apr 26, 99 10:29:04 am" To: igor@physics.uiuc.edu (Igor Roshchin) Date: Mon, 26 Apr 1999 12:40:58 -0300 (GMT) Cc: freebsd-security@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL40 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org En un mensaje anterior, Igor Roshchin escribió: > > Time to time somebody mentions that the current version of the wu-ftpd > is vulnerable (e.g. see below). [...] > Also, as it was explained earlier (sorry, I don't remember who it was, > probably Satoshi Asami ?) wu-ftpd on FreeBSD was not vulnerable > to the most recent (realpath function) vulnerability due to > specifics of FreeBSD's implementation of the realpath function. Sorry, I didn't want to bring confusion. I maintain a network with various Unices so I preferred to change to the VR version on the FreeBSD machines also just to have the same software in all the servers. I really did not pay attention to the FreeBSD especific issue. Regards. Fernando P. Schapachnik Administración de la red VIA Net Works Argentina SA To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message