From owner-freebsd-questions Tue Apr 17 12:22:32 2001 Delivered-To: freebsd-questions@freebsd.org Received: from obsecurity.dyndns.org (adsl-63-207-60-27.dsl.lsan03.pacbell.net [63.207.60.27]) by hub.freebsd.org (Postfix) with ESMTP id 682FA37B423 for ; Tue, 17 Apr 2001 12:22:30 -0700 (PDT) (envelope-from kris@obsecurity.org) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id 05BDD66B38; Tue, 17 Apr 2001 12:22:29 -0700 (PDT) Date: Tue, 17 Apr 2001 12:22:29 -0700 From: Kris Kennaway To: Tony Wells Cc: freebsd-questions@FreeBSD.ORG Subject: Re: CA-2001-07 patch? Message-ID: <20010417122229.A11224@xor.obsecurity.org> References: <3AD607CC.CC1913BE@journalstar.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="opJtzjQTFsWo+cga" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <3AD607CC.CC1913BE@journalstar.com>; from awells@journalstar.com on Thu, Apr 12, 2001 at 02:53:48PM -0500 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG --opJtzjQTFsWo+cga Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Thu, Apr 12, 2001 at 02:53:48PM -0500, Tony Wells wrote: > I was wondering if a patch had been released yet for the ftpd file > glob'ing exploit. I searched the archives, and looked at the security > advisories, but haven't found anything. The advisory went out just now. There was a minor remaining problem allowing users with an account to DoS the server which prevented us from sending it out yesterday; the rest of the patches were in place some time ago. Kris --opJtzjQTFsWo+cga Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE63Jf1Wry0BWjoQKURAu4gAKCHVC6BTKXp4YXj+Z5agW/OWonh+ACfcUNY aU56gM2T44FvsliOuqwRfm8= =Wzs4 -----END PGP SIGNATURE----- --opJtzjQTFsWo+cga-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message