Re: Wu-ftpd FTP server contains remotely exploitable off-by-one bug
Date: Thu, 31 Jul 2003 19:28:52 -0400 (EDT) To: <firstname.lastname@example.org>
Yes, I read Mike's E-mail. Did you read mine? I stated quite clearly,
and I quote: can make buffer overflows. Mike and I are in complete
On Thu, 31 Jul 2003 email@example.com wrote:
> Did you read Mike's email!? Sure, a different compiler and OS
> can make buffer overflows not work, but that does not mean the
> buffer overflow does not exist on a different system. The
> buffer overflow MAY still exist and MAY still be exploitable
> using different exploit code (as Mike stated in his email).
> On Thursday 31 July 2003 14:31, firstname.lastname@example.org wrote:
> > On Thu, 31 Jul 2003 email@example.com wrote:
> > > At 02:40 PM 31/07/2003 -0400, firstname.lastname@example.org wrote:
> > > >Buffer overflows which work on Linux do not work on
> > > > FreeBSD.
> > >
> > > You need to qualify that statement. Yes, there are some
> > > that will not be relevant and the exact same exploit code
> > > will not work. But "Buffer overflows which work on Linux
> > > do not work on FreeBSD" is dangerously misleading.... In the
> > > case of wu-ftpd there have been several issues in the past
> > > that affected both FreeBSD and Linux. Same bug, different
> > > exploit code, both vulnerable. That being said, I havent
> > > had a chance to review this one so I dont know.
> > No, you're wrong. Even a different COMPILER -- let alone a
> > different OPERATING SYSTEM -- can make buffer overflows not
> > work.
> > _______________________________________________
> > email@example.com mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-security
> > To unsubscribe, send any mail to
> > "firstname.lastname@example.org"
email@example.com mailing list
To unsubscribe, send any mail to "firstname.lastname@example.org"