Date: Sun, 08 Jun 1997 20:31:07 -0700 From: David Greenman <dg@root.com> To: Mark Rollings <darkstar@telcentral.net> Cc: yossman <yossman@yoss.canweb.net>, security@FreeBSD.ORG Subject: Re: ftpd security weakness on FreeBSD (fwd) Message-ID: <199706090331.UAA00434@implode.root.com> In-Reply-To: Your message of "Sun, 08 Jun 1997 21:03:28 EDT." <3.0.32.19970608210325.009c66a0@mail.telcentral.net>
next in thread | previous in thread | raw e-mail | index | archive | help
>Above any of the below mentioned deficiencies in the ftpd, CERT recently >released an advisory on the ftpd for practically all OS's. The replacement >mentioned below is not satisfactory in order to properly prevent attacks >covered in the advisory. wu-ftp-2.4.2-beta-13 is the correct ftpd to >compile for FreeBSD based machines. The advisory can be found in complete >form at CERT. www.cert.org. The bug I think you're refering to was fixed in FreeBSD prior to the CERT announcement - I was the one who found the bug and alerted CERT and AUSCERT. ...but yes, your advice to avoid pre-beta13 is very important. -DG David Greenman Core-team/Principal Architect, The FreeBSD Project
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199706090331.UAA00434>