From owner-freebsd-security Tue Apr 10 16:11:30 2001 Delivered-To: freebsd-security@freebsd.org Received: from db.nexgen.com (db.nexgen.com [64.81.208.78]) by hub.freebsd.org (Postfix) with SMTP id 27E0637B423 for ; Tue, 10 Apr 2001 16:11:27 -0700 (PDT) (envelope-from ml@db.nexgen.com) Received: (qmail 22921 invoked from network); 10 Apr 2001 23:11:29 -0000 Received: from localhost (HELO book) (root@127.0.0.1) by localhost with SMTP; 10 Apr 2001 23:11:29 -0000 Message-ID: <004401c0c213$9323fbb0$9865fea9@book> From: "alexus" To: "David" , References: <01041017530502.11342@descrypt.com> Subject: Re: FTPD vulnerability question Date: Tue, 10 Apr 2001 19:10:20 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org how can I check my ftpd? i don't run ftpd the one it came with distributive.. ----- Original Message ----- From: "David" To: Sent: Tuesday, April 10, 2001 6:53 PM Subject: FTPD vulnerability question > I just read the CERT advisory, and noticed it mentioned FreeBSD FTPD > vulnerable. I took a quick check at the source code for the stock FTPD on my > system, and did not notice any possible overflows for glob().. atleast none > that jumped out at me (yet?). > > FreeBSD 4.2-STABLE #0: Sun Jan 21 11:43:43 EST 2001 > root@fortress:/usr/obj/usr/src/sys/FORTRESS > > # telnet 0 21 > Trying 0.0.0.0... > Connected to 0. > Escape character is '^]'. > 220 [server name] FTP server (Version 6.00LS) ready. > > I am just making sure that the CERT advisory meant ALL 4.2 -stable versions > (I am a bit paranoid right now :). If it does that's great. > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message