From owner-cvs-all  Mon Aug 30 12:14:10 1999
Delivered-To: cvs-all@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
	by hub.freebsd.org (Postfix) with ESMTP
	id 08313157C2; Mon, 30 Aug 1999 12:14:08 -0700 (PDT)
	(envelope-from cpiazza@FreeBSD.org)
Received: (from cpiazza@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) id MAA89802;
	Mon, 30 Aug 1999 12:14:07 -0700 (PDT)
	(envelope-from cpiazza@FreeBSD.org)
Message-Id: <199908301914.MAA89802@freefall.freebsd.org>
From: Chris Piazza <cpiazza@FreeBSD.org>
Date: Mon, 30 Aug 1999 12:14:07 -0700 (PDT)
To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: ports/ftp/wu-ftpd Makefile ports/ftp/wu-ftpd/files md5
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk

cpiazza     1999/08/30 12:14:07 PDT

  Modified files:
    ftp/wu-ftpd          Makefile 
    ftp/wu-ftpd/files    md5 
  Log:
  Add a PATCH_FILE to close a security hole in wu-ftpd.
  
  Quoted from wu-ftpd group's accouncement:
  
      Due to insufficient bounds checking on directory name lengths which can
      be supplied by users, it is possible to overwrite the static memory
      space of the wu-ftpd daemon while it is executing under certain
      configurations.  By having the ability to create directories and
      supplying carefully designed directory names to the wu-ftpd, users may
      gain privileged access.
  
  PR:		13475
  Submitted by:	jack@germanium.xtalwind.net
  
  Revision  Changes    Path
  1.29      +4 -1      ports/ftp/wu-ftpd/Makefile
  1.20      +1 -0      ports/ftp/wu-ftpd/files/md5



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message