Wu-ftpd FTP server contains remotely exploitable off-by-one bug

• Previous message: Matt Piechota: "Re: Kerberos to file server"
• Next in thread: polytarp_at_cyberspace.org: "Re: Wu-ftpd FTP server contains remotely exploitable off-by-one bug"
• Reply: polytarp_at_cyberspace.org: "Re: Wu-ftpd FTP server contains remotely exploitable off-by-one bug"
• Maybe reply: Mike Tancsa: "Re: Wu-ftpd FTP server contains remotely exploitable off-by-one bug"
• Reply: Robert Watson: "Re: Wu-ftpd FTP server contains remotely exploitable off-by-one bug"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 31 Jul 2003 11:35:53 -0700
To: freebsd-security@freebsd.org

Hello,

I see in BugTraq that there's yet another problem with Wu-ftpd, but I see
no mention of it in the freebsd-security mailing list archives...I have
searched the indexes from all of June and July.

Wu is pretty widely used, so I'm surprised that nobody seems to have
mentioned this problem in this forum.

The notice on BugTraq mentioned only Linux, not FreeBSD, but that's no
reason to assume that FreeBSD machines aren't vulnerable, too. Which is
why I am confused as to the lack of discussion of this matter.

Can anyone shed some light on this?

Thank you,

John

-- 
+---------------------------------------------------------------------------+
| John Fox <jjf@mind.net>     |    System Administrator   | InfoStructure   |
+---------------------------------------------------------------------------+
|  "The people and friends that we have lost, the dreams that have faded... |
|  never forget them."  -- Yuna, Final Fantasy X                            |
+---------------------------------------------------------------------------+
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

• Previous message: Matt Piechota: "Re: Kerberos to file server"
• Next in thread: polytarp_at_cyberspace.org: "Re: Wu-ftpd FTP server contains remotely exploitable off-by-one bug"
• Reply: polytarp_at_cyberspace.org: "Re: Wu-ftpd FTP server contains remotely exploitable off-by-one bug"
• Maybe reply: Mike Tancsa: "Re: Wu-ftpd FTP server contains remotely exploitable off-by-one bug"
• Reply: Robert Watson: "Re: Wu-ftpd FTP server contains remotely exploitable off-by-one bug"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Wu-ftpd FTP server contains remotely exploitable off-by-one bug ... > I see in BugTraq that there's yet another problem with Wu-ftpd, ... > reason to assume that FreeBSD machines aren't vulnerable, ... Buffer overflows which work on Linux do not work on FreeBSD. ... (FreeBSD-Security) Fwd: Freebsd FD exploit ... From bugtraq for those of you not on bugtraq. ... >/* Proof Of Concept exploit for the Freebsd file descriptors bug. ... some cases the kernel closes fds 0..2 after they are assigned to /dev/null, ... int main ... (FreeBSD-Security) Re: Wu-ftpd FTP server contains remotely exploitable off-by-one bug ... > I see in BugTraq that there's yet another problem with Wu-ftpd, ... > reason to assume that FreeBSD machines aren't vulnerable, ... If you want to bitch at someone, bitch at the wu-ftpd.org guys for ... (FreeBSD-Security) Re: "Correct" permissions on /var/mail? ... No, I didn't missed it, along with bugtraq thread. ... I ask you to post correct URL without any ... Bugtraq does not have FreeBSD specifics. ... (FreeBSD-Security) Re: Filesystem that both FreeBSD and OS X can read/write ... I have a small USB hard disk enclosure and would like to start ... using it to transfer files between OS X and FreeBSD machines. ... In my experience the only way is FAT32, for large drives you need to compile the freebsd kernel with the MSDOSFS_LARGE option. ... (freebsd-questions)