From owner-freebsd-security@FreeBSD.ORG Thu Jul 31 14:37:35 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DDF3A37B401 for ; Thu, 31 Jul 2003 14:37:35 -0700 (PDT) Received: from obsecurity.dyndns.org (adsl-63-207-60-135.dsl.lsan03.pacbell.net [63.207.60.135]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1559643F85 for ; Thu, 31 Jul 2003 14:37:35 -0700 (PDT) (envelope-from kris@obsecurity.org) Received: from rot13.obsecurity.org (rot13.obsecurity.org [10.0.0.5]) by obsecurity.dyndns.org (Postfix) with ESMTP id 010A966BE5; Thu, 31 Jul 2003 14:37:34 -0700 (PDT) Received: by rot13.obsecurity.org (Postfix, from userid 1000) id BCE7166C; Thu, 31 Jul 2003 14:37:34 -0700 (PDT) Date: Thu, 31 Jul 2003 14:37:34 -0700 From: Kris Kennaway To: polytarp@cyberspace.org Message-ID: <20030731213734.GA15002@rot13.obsecurity.org> References: <5.2.0.9.0.20030731144633.05832008@209.112.4.2> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="IS0zKkzwUGydFO0o" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.1i cc: freebsd-security@freebsd.org Subject: Re: Wu-ftpd FTP server contains remotely exploitable off-by-one bug X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 31 Jul 2003 21:37:36 -0000 --IS0zKkzwUGydFO0o Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Jul 31, 2003 at 05:31:46PM -0400, polytarp@cyberspace.org wrote: > On Thu, 31 Jul 2003 mike@sentex.net wrote: >=20 > > At 02:40 PM 31/07/2003 -0400, polytarp@cyberspace.org wrote: > >=20 > >=20 > > >Buffer overflows which work on Linux do not work on FreeBSD. > >=20 > >=20 > > You need to qualify that statement. Yes, there are some that will not = be=20 > > relevant and the exact same exploit code will not work. But "Buffer= =20 > > overflows which work on Linux do not work on FreeBSD" is dangerously=20 > > misleading.... In the case of wu-ftpd there have been several issues in= the=20 > > past that affected both FreeBSD and Linux. Same bug, different exploit= =20 > > code, both vulnerable. That being said, I havent had a chance to revie= w=20 > > this one so I dont know. > >=20 >=20 > No, you're wrong. Even a different COMPILER -- let alone a different > OPERATING SYSTEM -- can make buffer overflows not work. 1) Can !=3D will. In most cases these vulnerabilities are fairly OS-neutral. 2) It is true that a given exploit for the overflowable buffer will not usually work on a different OS, but that doesn't mean that one cannot be easily developed to exploit that OS. Kris --IS0zKkzwUGydFO0o Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (FreeBSD) iD8DBQE/KYweWry0BWjoQKURAh6IAJ9fu2FrWWVGFTt5YCSt2Q+nSHU6XQCg79Qt J/T9iQ96Bl3vhy6TJWH4TJ0= =51TZ -----END PGP SIGNATURE----- --IS0zKkzwUGydFO0o--