Date: Mon, 2 Oct 2000 14:39:17 -0700 From: Kris Kennaway <kris@FreeBSD.org> To: Brett Glass <brett@lariat.org> Cc: Alex Charalabidis <alex@wnm.net>, "Chris D . Faulhaber" <jedgar@fxp.org>, security@FreeBSD.ORG Subject: Re: ftpd bug in FreeBSD through at least 3.4 Message-ID: <20001002143917.B22329@freefall.freebsd.org> In-Reply-To: <4.3.2.7.2.20001002125825.00de8f00@localhost>; from brett@lariat.org on Mon, Oct 02, 2000 at 01:28:39PM -0600 References: <4.3.2.7.2.20001002123113.049344d0@localhost> <Pine.BSF.4.21.0010021340020.90099-100000@earth.wnm.net> <4.3.2.7.2.20001002125825.00de8f00@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Oct 02, 2000 at 01:28:39PM -0600, Brett Glass wrote: > At 12:51 PM 10/2/2000, Alex Charalabidis wrote: > ftp> quote %s%s%s%s%s > 500 '+H|X++_YX++|¶QUOTE %s%s%s%s%s(null)%s%s%s%s%s': command not understood. > > This means that while the FreeBSD FTP client crashed (and generated the segfault > message), the server did not crash. However, there's still junk in the message > sent back by the server, which indicates that I may be getting at the stack > here. No, I think your client is expanding the %s locally and sending the junk to the server. Kris -- In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe <forsythe@alum.mit.edu> To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001002143917.B22329>