Date: Fri, 10 Sep 1999 22:31:05 -0600 From: Warner Losh <imp@village.org> To: Garrett Wollman <wollman@khavrinen.lcs.mit.edu> Cc: Michael Grommet <mgrommet@isiar.net>, "'freebsd-security@freebsd.org'" <freebsd-security@FreeBSD.ORG> Subject: Re: Concerning Latest FTPD exploit: FreeBSD Security Advisory: FreeBS D-SA-99:03.ftpd Message-ID: <199909110431.WAA12612@harmony.village.org> In-Reply-To: Your message of "Sat, 11 Sep 1999 00:28:18 EDT." <199909110428.AAA82809@khavrinen.lcs.mit.edu> References: <199909110428.AAA82809@khavrinen.lcs.mit.edu> <7011ACE3864AD31183E50008C7FA081F01D4C2@ISIMAIN> <199909110418.WAA12288@harmony.village.org>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <199909110428.AAA82809@khavrinen.lcs.mit.edu> Garrett Wollman writes: : You mis-read the question. /usr/libexec/ftpd is not vulnerable -- : wu-ftpd branched off the Berkeley main-line long before FreeBSD even : existed, and the problem `feature' was a wu-ftpd addition. I stand corrected. Sorry about that folks. Garrett is right. The stock ftpds on FreeBSD in 2.2.8R and 3.2R are both not impacted by these bugs. They only impact wuftpd, beroftpd (?) and proftpd. I may reissue the ftpd avisory since more security holes in proftpd have come to light and I've had several questions asked about the ftpd advisory that I thought were obvious, but turned out to be hard to get from the text I sent out. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199909110431.WAA12612>