Date: Mon, 2 Oct 2000 14:39:17 -0700 From: Kris Kennaway <kris@FreeBSD.org> To: Brett Glass <brett@lariat.org> Cc: Alex Charalabidis <alex@wnm.net>, "Chris D . Faulhaber" <jedgar@fxp.org>, security@FreeBSD.ORG Subject: Re: ftpd bug in FreeBSD through at least 3.4 Message-ID: <20001002143917.B22329@freefall.freebsd.org> In-Reply-To: <4.3.2.7.2.20001002125825.00de8f00@localhost>; from brett@lariat.org on Mon, Oct 02, 2000 at 01:28:39PM -0600 References: <4.3.2.7.2.20001002123113.049344d0@localhost> <Pine.BSF.4.21.0010021340020.90099-100000@earth.wnm.net> <4.3.2.7.2.20001002125825.00de8f00@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Oct 02, 2000 at 01:28:39PM -0600, Brett Glass wrote:
> At 12:51 PM 10/2/2000, Alex Charalabidis wrote:
> ftp> quote %s%s%s%s%s
> 500 '+H|X++_YX++|¶QUOTE %s%s%s%s%s(null)%s%s%s%s%s': command not understood.
>
> This means that while the FreeBSD FTP client crashed (and generated the segfault
> message), the server did not crash. However, there's still junk in the message
> sent back by the server, which indicates that I may be getting at the stack
> here.
No, I think your client is expanding the %s locally and sending the
junk to the server.
Kris
--
In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe <forsythe@alum.mit.edu>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001002143917.B22329>