Date: Mon, 2 Oct 2000 13:42:27 -0500 (CDT) From: Dan Debertin <airboss@bitstream.net> To: Brett Glass <brett@lariat.org> Cc: security@FreeBSD.ORG Subject: Re: ftpd bug in FreeBSD through at least 3.4 Message-ID: <Pine.LNX.4.21.0010021331250.1161-100000@dmitri.bitstream.net> In-Reply-To: <4.3.2.7.2.20001002113441.04932240@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I realize that there have been quite a few advisories related to wu-ftpd lately. However, looking at the example you quote below, it looks as if it is the Linux FTP _client_ that is SEGVing, not the server. Would a server tell the remote end that it has segfaulted? No. Run strace on your ftp client, and you'll see the SEGV.=20 ~Dan D. - -- ++ Dan Debertin ++ Senior Systems Administrator ++ Bitstream Underground, LLC ++ airboss@bitstream.net ++ (612)321-9290 ++ GPG Fingerprint: 0BC5 F4D6 649F D0C8 D1A7 CAE4 BEF4 0A5C 300D 2387 On Mon, 2 Oct 2000, Brett Glass wrote: > >somewhere:/$ ftp 127.0.0.1 > >Connected to 1127.0.0.1. > >220 somewhere.in.internet FTP server (Version wu-2.6.1(1) Mon Jul 3 10:4= 9:59 > >EEST 2000) ready. > >Name (0:somebody): ftp > >331 Guest login ok, send your complete e-mail address as password. > >Password: > >230-Welcome, archive user! This is an experimental FTP server. If have= any > >230-unusual problems, please report them via e-mail to > >root@somewhere.in.internet > >230-If you do have problems, please try using a dash (-) as the first > >character > >230-of your password -- this will turn off the continuation messages tha= t > >may > >230-be confusing your ftp client. > >230- > >230 Guest login ok, access restrictions apply. > >Remote system type is UNIX. > >Using binary mode to transfer files. > >ftp> quote %s%s%s%s > >500 'TP=BF9(NULL)': command not understood. > >ftp>quote %s%s%s%s%s > >Segmentation fault > >somewhere:/$ uname -a > >Linux somewhere 2.2.12 #1 Sun Sep 19 13:35:59 EEST 1999 i686 unknown > >somewhere:/$ > >This is a Slackware 4.0 with last wuftpd.tgz ( 02-oct-2000 ) >=20 >=20 >=20 > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message >=20 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.3 (GNU/Linux) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjnY1yMACgkQvvQKXDANI4davgCfSU1nVIlMxbORHc+HFOtCqtA6 kf0AoKczYisCzr9UPbPbEHzGmO/sop1b =3D6ICM -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.21.0010021331250.1161-100000>