Re: ISSalert: ISS Security Alert: WU-FTPD Heap Corruption Vulnerability (fwd)
From: Igor Roshchin (str@giganda.komkon.org)
Date: 12/01/01
- Next message: Gregory Sutter: "Re: philosophical question..."
- Previous message: D J Hawkey Jr: "Re: options USER_LDT"
- In reply to: Przemyslaw Frasunek: "Re: ISSalert: ISS Security Alert: WU-FTPD Heap Corruption Vulnerability (fwd)"
- Next in thread: Konrad Heuer: "Re: ISSalert: ISS Security Alert: WU-FTPD Heap Corruption Vulnerability (fwd)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 1 Dec 2001 14:05:15 -0500 (EST) From: Igor Roshchin <str@giganda.komkon.org> To: freebsd-security@FreeBSD.ORG, kheuer@gwdu60.gwdg.de, venglin@freebsd.lublin.pl
> From: Przemyslaw Frasunek <venglin@freebsd.lublin.pl>
> Date: Sat, 1 Dec 2001 12:25:44 +0100
>
> On Friday 30 November 2001 09:53, Konrad Heuer wrote:
> > Any opinions whether wu-ftpd on FreeBSD is vulnerable too? To my mind, it
> > seems so.
>
> actually, wu-ftpd on FreeBSD is vulnerable, but phk-malloc design prevents
> from exploiting this. typical scenario of exploitation on linux box is:
>
Actually, ;-)
AFAICT, the wu-ftpd port has been patched by the maintainer (ache).
AFAICT, Patches from Wu-FTPD were incorporated.
In any case, thanks Przemyslaw for the detailed analysis.
Igor
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
- Next message: Gregory Sutter: "Re: philosophical question..."
- Previous message: D J Hawkey Jr: "Re: options USER_LDT"
- In reply to: Przemyslaw Frasunek: "Re: ISSalert: ISS Security Alert: WU-FTPD Heap Corruption Vulnerability (fwd)"
- Next in thread: Konrad Heuer: "Re: ISSalert: ISS Security Alert: WU-FTPD Heap Corruption Vulnerability (fwd)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
