Date: Tue, 27 Apr 1999 12:51:51 -0400 From: Coranth Gryphon <gryphon@intech.net> To: Fernando Schapachnik <fpscha@ns1.sminter.com.ar> Cc: Igor Roshchin <igor@physics.uiuc.edu>, freebsd-security@FreeBSD.ORG Subject: Re: wu-ftpd: is there a vulnerability ? (was: Re: limit ftp users to their homedir) Message-ID: <3725EB27.58FAC00F@intech.net> References: <199904261540.MAA23971@ns1.sminter.com.ar>
next in thread | previous in thread | raw e-mail | index | archive | help
Fernando Schapachnik wrote: > > > wu-ftpd on FreeBSD was not vulnerable > > to the most recent (realpath function) vulnerability due to > > specifics of FreeBSD's implementation of the realpath function. The FreeBSD version (and others with that codebase) are _less_ vulnerable. The problem is with buffer overruns within the WU source, only some of which are in the 'realpath' chunks. > various Unices so I preferred to change to the VR version on > FreeBSD machines also just to have the same software in all the The 'VR' series has now become the 'official' WU line -- we took over where 'Academ' left off. Coming some time in May is the 2.5.0 release of WU-FTPd, with most of the 'VR' pathes (up thru VR17) rolled in, plus additional security fixes. The current VR series is on: ftp://ftp.vr.net/pub/wu-ftpd Soon (when we finish getting organized :-), there will be: http://www.wuftpd.org ftp://ftp.wuftpd.org -coranth ========================================= [gryphon@wuftpd.org, gryphon@freebsd.org] Open Source -- The Only Solution To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3725EB27.58FAC00F>