From owner-freebsd-ports  Sun Mar 22 19:39:58 1998
Return-Path: <owner-freebsd-ports@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id TAA05957
          for freebsd-ports-outgoing; Sun, 22 Mar 1998 19:39:58 -0800 (PST)
          (envelope-from owner-freebsd-ports@FreeBSD.ORG)
Received: from gdi.uoregon.edu (gdi.uoregon.edu [128.223.170.30])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id TAA05949
          for <ports@freebsd.org>; Sun, 22 Mar 1998 19:39:52 -0800 (PST)
          (envelope-from dwhite@gdi.uoregon.edu)
Received: from localhost (dwhite@localhost)
          by gdi.uoregon.edu (8.8.7/8.8.8) with SMTP id TAA12381
          for <ports@freebsd.org>; Sun, 22 Mar 1998 19:39:44 -0800 (PST)
          (envelope-from dwhite@gdi.uoregon.edu)
Date: Sun, 22 Mar 1998 19:39:44 -0800 (PST)
From: Doug White <dwhite@gdi.uoregon.edu>
Reply-To: Doug White <dwhite@resnet.uoregon.edu>
To: ports@FreeBSD.ORG
Subject: ncftp security bugfix (fwd)
Message-ID: <Pine.BSF.3.96.980322193846.12360B-100000@gdi.uoregon.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Received this via a local security list.  ache, you might want to upgrade
this asap.

== cut ==

For those of you that use ncftp:
 
 subject: ncftp 2.4.3 
added by: scoop (scoop@unreal.org) 
    date: 03/20/98 
 
A new version of ncftp is available, fixing the security hole
mentioned on roots hell.com (http://www.rootshell.com/view.cgi?199803)
earlier this week. The vulnerability present in ncftp 2.4.2 enables
the attacker to create cryptic directory names that execute commands
on your local machine if you get -R them. There's some other small
fixes, just browse the changelog (files/changelogs/ncftp-changelog). 
  
o Get it (ftp://ftp.ncftp.com/ncftp/ncftp-2.4.3.tar.gz) 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message