Re: ftp vulnerability

From: Alexey V. Neyman (avn@any.ru)
Date: 04/11/01


Date:	Wed, 11 Apr 2001 13:48:31 +0400 (MSD)
From: "Alexey V. Neyman" <avn@any.ru>
To: Anton Vladimirov <admin128@mail.ru>

Good day, Anton!

When this hole was patched, libc was also corrected, so you'll need to
update it too. The least painful way will be CVSup, IMHO.

# Alexey

On Wed, 11 Apr 2001, Anton Vladimirov wrote:

>Hello security,
>
> I run FreeBSD 4.0-RELEASE with all security patches applied.
> Could anyone clearly explain how to fix the recent
> ftpd hole for this version?
>
> I downloaded the sources of ftpd from the 4.2-CURRENT
> release, but how do I install it?
>
> I do the following:
>=============================================
>bash-2.03# make depend
>yacc -o ftpcmd.c ftpcmd.y
>yacc: w - the symbol ext_arg is undefined
>rm -f .depend
>mkdep -f .depend -a -DSETPROCTITLE -DSKEY -DLOGIN_CAP -DVIRTUAL_HOSTING -DINET6 -I/usr/src/libexec/ftpd -Dmain=ls_main -I/usr/src/libexec/c
>cd /usr/src/libexec/ftpd; make _EXTRADEPEND
>echo ftpd: /usr/lib/libc.a /usr/lib/libskey.a /usr/lib/libmd.a /usr/lib/libcrypt.a /usr/lib/libutil.a /usr/lib/libpam.a >> .depend
>bash-2.03# make
>Warning: Object directory not changed from original /usr/src/libexec/ftpd
>cc -O -pipe -DSETPROCTITLE -DSKEY -DLOGIN_CAP -DVIRTUAL_HOSTING -Wall -DINET6 -I/usr/src/libexec/ftpd -Dmain=ls_main -I/usr/src/libexec/ftpd/c
>ftpd.c: In function `send_file_list':
>ftpd.c:2673: `GLOB_MAXPATH' undeclared (first use in this function)
>ftpd.c:2673: (Each undeclared identifier is reported only once
>ftpd.c:2673: for each function it appears in.)
>ftpd.c:2662: warning: variable `dout' might be clobbered by `longjmp' or `vfork'
>ftpd.c:2663: warning: variable `dirlist' might be clobbered by `longjmp' or `vfork'
>ftpd.c:2664: warning: variable `simple' might be clobbered by `longjmp' or `vfork'
>ftpd.c:2665: warning: variable `freeglob' might be clobbered by `longjmp' or `vfork'
>*** Error code 1
>
>Stop in /usr/src/libexec/ftpd.
>==================================================
>
>Where am I mistaken?
>
>
>--
>Best regards,
> Anton mailto:admin128@mail.ru
>
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message
>
>
