Date: Tue, 03 Oct 2000 03:19:55 -0600
From: Wes Peters <wes@softweyr.com>
To: Brett Glass <brett@lariat.org>
Cc: Kris Kennaway <kris@FreeBSD.org>, Alex Charalabidis <alex@wnm.net>, "Chris D . Faulhaber" <jedgar@fxp.org>, security@FreeBSD.org
Subject: Re: ftpd bug in FreeBSD through at least 3.4
Message-ID: <39D9A4BB.1DB621CD@softweyr.com>
References: <4.3.2.7.2.20001002125825.00de8f00@localhost> <4.3.2.7.2.20001002123113.049344d0@localhost> <Pine.BSF.4.21.0010021340020.90099-100000@earth.wnm.net> <4.3.2.7.2.20001002125825.00de8f00@localhost> <4.3.2.7.2.20001002173916.046c16f0@localhost>

Brett Glass wrote:
>
> At 03:39 PM 10/2/2000, Kris Kennaway wrote:
>
> >No, I think your client is expanding the %s locally and sending the
> >junk to the server.
>
> Kris:
>
> I think you may be right here! The client may also be expanding the
> %s on the way BACK from the server. If this is the case, it is
> more serious because it means that a malicious server might be
> able to take over the client.

A packet trace would be helpful here. I find ethereal to be quite an
agreeable tool.
--
"Where am I, and what am I doing in this handbasket?"
Wes Peters Softweyr LLC
wes@softweyr.com http://softweyr.com/
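
Added example, not part of the original message or of any FreeBSD code: a sketch in C of how an FTP client can display a server reply so that a "%s" in it is never expanded, and how to flag replies that carry conversion specifiers. The function names and the sample reply are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Count printf-style conversion specifiers in untrusted text.
 * "%%" is a literal percent sign and is not counted. */
int count_conversions(const char *s) {
    int n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        n++;
    }
    return n;
}

/* Hardened display path (hypothetical helper): the server reply is only
 * ever an argument, never the format string.
 * The unsafe pattern would be: snprintf(out, outlen, reply);
 * Strips the trailing CRLF; returns the rendered length, or -1 on error. */
int render_reply(char *out, size_t outlen, const char *reply) {
    if (outlen == 0) return -1;
    if (snprintf(out, outlen, "%s", reply) < 0) return -1;
    size_t len = strcspn(out, "\r\n");
    out[len] = '\0';
    return (int)len;
}

int main(void) {
    /* Constructed sample: a reply echoing a file name that contains %s. */
    const char *reply = "550 %s%s%s: No such file or directory.\r\n";
    char line[256];

    if (render_reply(line, sizeof line, reply) >= 0)
        printf("server said: %s\n", line);   /* printed verbatim */
    if (count_conversions(reply) > 0)
        fprintf(stderr, "note: reply contains %d conversion specifier(s)\n",
                count_conversions(reply));
    return 0;
}
```

Comparing the bytes in a packet trace with what the client prints, as suggested above, shows which side expanded the specifiers.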
