Date: Sun, 22 Mar 1998 19:39:44 -0800 (PST) From: Doug White <dwhite@gdi.uoregon.edu> To: ports@FreeBSD.ORG Subject: ncftp security bugfix (fwd) Message-ID: <Pine.BSF.3.96.980322193846.12360B-100000@gdi.uoregon.edu>
next in thread | raw e-mail | index | archive | help
Received this via a local security list. ache, you might want to upgrade this asap. == cut == For those of you that use ncftp: subject: ncftp 2.4.3 added by: scoop (scoop@unreal.org) date: 03/20/98 A new version of ncftp is available, fixing the security hole mentioned on roots hell.com (http://www.rootshell.com/view.cgi?199803) earlier this week. The vulnerability present in ncftp 2.4.2 enables the attacker to create cryptic directory names that execute commands on your local machine if you get -R them. There's some other small fixes, just browse the changelog (files/changelogs/ncftp-changelog). o Get it (ftp://ftp.ncftp.com/ncftp/ncftp-2.4.3.tar.gz) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.980322193846.12360B-100000>