Date: Mon, 2 Oct 2000 13:51:20 -0500 (CDT) From: Alex Charalabidis <alex@wnm.net> To: Brett Glass <brett@lariat.org> Cc: "Chris D . Faulhaber" <jedgar@fxp.org>, security@FreeBSD.ORG Subject: Re: ftpd bug in FreeBSD through at least 3.4 Message-ID: <Pine.BSF.4.21.0010021340020.90099-100000@earth.wnm.net> In-Reply-To: <4.3.2.7.2.20001002123113.049344d0@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 2 Oct 2000, Brett Glass wrote: > At 12:29 PM 10/2/2000, Chris D . Faulhaber wrote: > > >The system's ftp daemon or wu-ftpd? The ftp daemons installed with 3.5.1 > >and 4.1[.1] don't seem affected. > > It DEFINITELY works on FreeBSD's own ftpd in 3.4-RELEASE and all 2.x versions > I have tested. > Yes it does. It was posted to bugtraq as a proftpd bug on 25 Jul 00 by Carlos Eduardo Gorges <carlos@VT.COM.BR>. I confirmed the bug existed on our 6.00LS too (and promptly forgot :P). As far as I know, there have been no exploits and it's not even a DoS since the parent process is unaffected. The default FreeBSD ftp client crashes before the server process does, so you can only see the problem with a client on a different OS (oddly enough, the MS-DOS 7 client seems to be the only one that creates no problems at all). -ac -- ============================================================== Alex Charalabidis (AC8139) 5050 Poplar Ave, Ste 170 Systems Administrator Memphis, TN 38157 WebNet Memphis (901) 432 6000 Author, The Book of IRC http://www.bookofirc.com/ ============================================================== To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0010021340020.90099-100000>