Re: Wu-ftpd FTP server contains remotely exploitable off-by-one bug

polytarp_at_cyberspace.org
Date: 08/01/03

  • Next message: Garrett Wollman: "IPSec"
    Date: Thu, 31 Jul 2003 19:28:52 -0400 (EDT)
    To: <fbsd@w88trigger.com>
    
    

    Yes, I read Mike's E-mail. Did you read mine? I stated quite clearly,
    and I quote: can make buffer overflows. Mike and I are in complete
    agreement.

    On Thu, 31 Jul 2003 fbsd@w88trigger.com wrote:

    > Did you read Mike's email!? Sure, a different compiler and OS
    > can make buffer overflows not work, but that does not mean the
    > buffer overflow does not exist on a different system. The
    > buffer overflow MAY still exist and MAY still be exploitable
    > using different exploit code (as Mike stated in his email).
    >
    >
    > On Thursday 31 July 2003 14:31, polytarp@cyberspace.org wrote:
    > > On Thu, 31 Jul 2003 mike@sentex.net wrote:
    > > > At 02:40 PM 31/07/2003 -0400, polytarp@cyberspace.org wrote:
    > > > >Buffer overflows which work on Linux do not work on
    > > > > FreeBSD.
    > > >
    > > > You need to qualify that statement. Yes, there are some
    > > > that will not be relevant and the exact same exploit code
    > > > will not work. But "Buffer overflows which work on Linux
    > > > do not work on FreeBSD" is dangerously misleading.... In the
    > > > case of wu-ftpd there have been several issues in the past
    > > > that affected both FreeBSD and Linux. Same bug, different
    > > > exploit code, both vulnerable. That being said, I havent
    > > > had a chance to review this one so I dont know.
    > >
    > > No, you're wrong. Even a different COMPILER -- let alone a
    > > different OPERATING SYSTEM -- can make buffer overflows not
    > > work.
    > >
    > > _______________________________________________
    > > freebsd-security@freebsd.org mailing list
    > > http://lists.freebsd.org/mailman/listinfo/freebsd-security
    > > To unsubscribe, send any mail to
    > > "freebsd-security-unsubscribe@freebsd.org"
    >
    >

    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"


  • Next message: Garrett Wollman: "IPSec"