Re: Wu-ftpd FTP server contains remotely exploitable off-by-one bug
fbsd_at_w88trigger.com
Date: 07/31/03
- Previous message: Kris Kennaway: "Re: Wu-ftpd FTP server contains remotely exploitable off-by-one bug"
- In reply to: polytarp_at_cyberspace.org: "Re: Wu-ftpd FTP server contains remotely exploitable off-by-one bug"
- Next in thread: Robert Watson: "Re: Wu-ftpd FTP server contains remotely exploitable off-by-one bug"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: <polytarp@cyberspace.org>, <mike@sentex.net> Date: Thu, 31 Jul 2003 14:41:46 -0700
Did you read Mike's email!? Sure, a different compiler and OS
can make buffer overflows not work, but that does not mean the
buffer overflow does not exist on a different system. The
buffer overflow MAY still exist and MAY still be exploitable
using different exploit code (as Mike stated in his email).
On Thursday 31 July 2003 14:31, polytarp@cyberspace.org wrote:
> On Thu, 31 Jul 2003 mike@sentex.net wrote:
> > At 02:40 PM 31/07/2003 -0400, polytarp@cyberspace.org wrote:
> > >Buffer overflows which work on Linux do not work on
> > > FreeBSD.
> >
> > You need to qualify that statement. Yes, there are some
> > that will not be relevant and the exact same exploit code
> > will not work. But "Buffer overflows which work on Linux
> > do not work on FreeBSD" is dangerously misleading.... In the
> > case of wu-ftpd there have been several issues in the past
> > that affected both FreeBSD and Linux. Same bug, different
> > exploit code, both vulnerable. That being said, I havent
> > had a chance to review this one so I dont know.
>
> No, you're wrong. Even a different COMPILER -- let alone a
> different OPERATING SYSTEM -- can make buffer overflows not
> work.
>
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to
> "freebsd-security-unsubscribe@freebsd.org"
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
- Previous message: Kris Kennaway: "Re: Wu-ftpd FTP server contains remotely exploitable off-by-one bug"
- In reply to: polytarp_at_cyberspace.org: "Re: Wu-ftpd FTP server contains remotely exploitable off-by-one bug"
- Next in thread: Robert Watson: "Re: Wu-ftpd FTP server contains remotely exploitable off-by-one bug"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
