Date: Thu, 31 Jul 2003 17:31:46 -0400 (EDT) From: <polytarp@cyberspace.org> To: <mike@sentex.net> Cc: freebsd-security@freebsd.org Subject: Re: Wu-ftpd FTP server contains remotely exploitable off-by-one bug Message-ID: <Pine.SUN.3.96.1030731172959.25972A-100000@grex.cyberspace.org> In-Reply-To: <5.2.0.9.0.20030731144633.05832008@209.112.4.2>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 31 Jul 2003 mike@sentex.net wrote: > At 02:40 PM 31/07/2003 -0400, polytarp@cyberspace.org wrote: > > > >Buffer overflows which work on Linux do not work on FreeBSD. > > > You need to qualify that statement. Yes, there are some that will not be > relevant and the exact same exploit code will not work. But "Buffer > overflows which work on Linux do not work on FreeBSD" is dangerously > misleading.... In the case of wu-ftpd there have been several issues in the > past that affected both FreeBSD and Linux. Same bug, different exploit > code, both vulnerable. That being said, I havent had a chance to review > this one so I dont know. > No, you're wrong. Even a different COMPILER -- let alone a different OPERATING SYSTEM -- can make buffer overflows not work.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.SUN.3.96.1030731172959.25972A-100000>