Date: Tue, 10 Apr 2001 07:48:14 -0400 (EDT)
From: Weldon S Godfrey 3
To: freebsd-questions@freebsd.org
Subject: CERT Advisory CA-2001-07 (fwd)

The File Globbing Vulnerability mentioned in CERT Advisory CA-2001-07 is fixed in 4.2-STABLE and 5.0-CURRENT and will be fixed in 4.3-RELEASE.

My question is, can the ftpd binary be used from 4.2-STABLE for 4.2-RELEASE (or any 4.x-RELEASE) to fix this problem or is it that the binary cannot work under these versions or is the fix beyond the binary (it involves shared libraries, etc.)?

Thanks,

Weldon

--SNIP from CERT CA-2001-07 --

FreeBSD is vulnerable to the glob-related bugs. We have corrected these bugs in FreeBSD 5.0-CURRENT and FreeBSD 4.2-STABLE, and they will not be present in FreeBSD 4.3-RELEASE.