Date: Tue, 16 Feb 1999 09:39:53 -0500 From: Adam Shostack <adam@homeport.org> To: Andrew McNaughton <andrew@squiz.co.nz>, cjclark@home.com Cc: freebsd-security@FreeBSD.ORG Subject: Re: CA-99-03-FTP-Buffer-Overflows Message-ID: <19990216093953.A324@weathership.homeport.org> In-Reply-To: <199902160913.WAA17654@aniwa.sky>; from Andrew McNaughton on Tue, Feb 16, 1999 at 10:13:02PM %2B1300 References: <199902160313.WAA29938@cc942873-a.ewndsr1.nj.home.com> <199902160913.WAA17654@aniwa.sky>
next in thread | previous in thread | raw e-mail | index | archive | help
Jordan sent email to security-officer@freebsd.org on Jan 20th or so, and we got no response. We'd be happy to include FreeBSD if we get an answer about the FTPd shipped with the OS. Wu- and pro- are vulnerable. Adam On Tue, Feb 16, 1999 at 10:13:02PM +1300, Andrew McNaughton wrote: | > See, | > | > http://www.cert.org/advisories/CA-99-03-FTP-Buffer-Overflows.html | > | > For the full text. | > | > Is FreeBSD vunerable? I hope that this, | > | > > % NetBSD | > > | > > % NetBSD All versions ARE NOT vulnerable. | > | > Implies FreeBSD is neither. I know FreeBSD and NetBSD use the same | > ftp, but ftpd? Just looking for verification. Thanks. | | I found it rather curious that FreeBSD's ftpd was not mentioned. Particularly as the PGP signature's version ID said FreeBSD was used, implying that it would have been around for testing. | | Andrew McNaughton | | | | | To Unsubscribe: send mail to majordomo@FreeBSD.org | with "unsubscribe freebsd-security" in the body of the message -- "It is seldom that liberty of any kind is lost all at once." -Hume To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990216093953.A324>