Date: Tue, 03 Oct 2000 03:19:55 -0600 From: Wes Peters <wes@softweyr.com> To: Brett Glass <brett@lariat.org> Cc: Kris Kennaway <kris@FreeBSD.org>, Alex Charalabidis <alex@wnm.net>, "Chris D . Faulhaber" <jedgar@fxp.org>, security@FreeBSD.org Subject: Re: ftpd bug in FreeBSD through at least 3.4 Message-ID: <39D9A4BB.1DB621CD@softweyr.com> References: <4.3.2.7.2.20001002125825.00de8f00@localhost> <4.3.2.7.2.20001002123113.049344d0@localhost> <Pine.BSF.4.21.0010021340020.90099-100000@earth.wnm.net> <4.3.2.7.2.20001002125825.00de8f00@localhost> <4.3.2.7.2.20001002173916.046c16f0@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
Brett Glass wrote: > > At 03:39 PM 10/2/2000, Kris Kennaway wrote: > > >No, I think your client is expanding the %s locally and sending the > >junk to the server. > > Kris: > > I think you may be right here! The client may also be expanding the > %s on the way BACK from the server. If this is the case, it is > more serious because it means that a malicious server might be > able to take over the client. A packet trace would be helpful here. I find ethereal to be quite an agreeable tool. -- "Where am I, and what am I doing in this handbasket?" Wes Peters Softweyr LLC wes@softweyr.com http://softweyr.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?39D9A4BB.1DB621CD>