From owner-freebsd-ports Sun Mar 22 19:39:58 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id TAA05957 for freebsd-ports-outgoing; Sun, 22 Mar 1998 19:39:58 -0800 (PST) (envelope-from owner-freebsd-ports@FreeBSD.ORG) Received: from gdi.uoregon.edu (gdi.uoregon.edu [128.223.170.30]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id TAA05949 for ; Sun, 22 Mar 1998 19:39:52 -0800 (PST) (envelope-from dwhite@gdi.uoregon.edu) Received: from localhost (dwhite@localhost) by gdi.uoregon.edu (8.8.7/8.8.8) with SMTP id TAA12381 for ; Sun, 22 Mar 1998 19:39:44 -0800 (PST) (envelope-from dwhite@gdi.uoregon.edu) Date: Sun, 22 Mar 1998 19:39:44 -0800 (PST) From: Doug White Reply-To: Doug White To: ports@FreeBSD.ORG Subject: ncftp security bugfix (fwd) Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-ports@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Received this via a local security list. ache, you might want to upgrade this asap. == cut == For those of you that use ncftp: subject: ncftp 2.4.3 added by: scoop (scoop@unreal.org) date: 03/20/98 A new version of ncftp is available, fixing the security hole mentioned on roots hell.com (http://www.rootshell.com/view.cgi?199803) earlier this week. The vulnerability present in ncftp 2.4.2 enables the attacker to create cryptic directory names that execute commands on your local machine if you get -R them. There's some other small fixes, just browse the changelog (files/changelogs/ncftp-changelog). o Get it (ftp://ftp.ncftp.com/ncftp/ncftp-2.4.3.tar.gz) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message