Re: remotely exploitable vulnerability in lukemftpd / tnftpd

From: Jacques A. Vidrine (nectar_at_FreeBSD.org)
Date: 08/17/04

  • Next message: Justin: "Re: sequences in the auth.log"
    Date: Tue, 17 Aug 2004 16:16:27 -0500
    To: Chuck Swiger <cswiger@mac.com>
    
    

    On Tue, Aug 17, 2004 at 05:14:16PM -0400, Chuck Swiger wrote:
    > Jacques A. Vidrine wrote:
    > [ ... ]
    > >Even in FreeBSD 4.7, lukemftpd was installed but not enabled.
    > >
    > >More details will be available in a FreeBSD advisory to follow.
    >
    > Hi, Jacques--
    >
    > Is this related to NetBSD Security Advisory 2004-009, at:
    > ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2004-009.txt.asc?

    Yes, same issue.

    > More importantly, is FreeBSD's stock ftpd also affected, or just lukemftpd?

    Just lukemftpd. Przemyslaw's advisory has more details.
    http://lists.netsys.com/pipermail/full-disclosure/2004-August/025418.html

    Cheers,

    -- 
    Jacques Vidrine / nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
    

  • Next message: Justin: "Re: sequences in the auth.log"