Date: Thu, 31 Jul 2003 14:52:56 -0400 From: Mike Tancsa <mike@sentex.net> To: <polytarp@cyberspace.org> Cc: freebsd-security@freebsd.org Subject: Re: Wu-ftpd FTP server contains remotely exploitable off-by-one bug Message-ID: <5.2.0.9.0.20030731144633.05832008@209.112.4.2> In-Reply-To: <Pine.SUN.3.96.1030731144032.5403A-100000@grex.cyberspace.o rg> References: <20030731183553.GA85469@mind.net>
next in thread | previous in thread | raw e-mail | index | archive | help
At 02:40 PM 31/07/2003 -0400, polytarp@cyberspace.org wrote:
>Buffer overflows which work on Linux do not work on FreeBSD.
You need to qualify that statement. Yes, there are some that will not be
relevant and the exact same exploit code will not work. But "Buffer
overflows which work on Linux do not work on FreeBSD" is dangerously
misleading.... In the case of wu-ftpd there have been several issues in the
past that affected both FreeBSD and Linux. Same bug, different exploit
code, both vulnerable. That being said, I havent had a chance to review
this one so I dont know.
---Mike
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5.2.0.9.0.20030731144633.05832008>