Date: Thu, 31 Jul 2003 19:28:52 -0400 (EDT)
From: <polytarp@cyberspace.org>
To: <fbsd@w88trigger.com>
Cc: freebsd-security@freebsd.org
Subject: Re: Wu-ftpd FTP server contains remotely exploitable off-by-one bug
Message-ID: <Pine.SUN.3.96.1030731192730.9143A-100000@grex.cyberspace.org>
In-Reply-To: <200307311441.46810.fbsd@w88trigger.com>

Yes, I read Mike's E-mail. Did you read mine? I stated quite clearly, and
I quote: can make buffer overflows. Mike and I are in complete agreement.

On Thu, 31 Jul 2003 fbsd@w88trigger.com wrote:

> Did you read Mike's email!? Sure, a different compiler and OS
> can make buffer overflows not work, but that does not mean the
> buffer overflow does not exist on a different system. The
> buffer overflow MAY still exist and MAY still be exploitable
> using different exploit code (as Mike stated in his email).
>
>
> On Thursday 31 July 2003 14:31, polytarp@cyberspace.org wrote:
> > On Thu, 31 Jul 2003 mike@sentex.net wrote:
> > > At 02:40 PM 31/07/2003 -0400, polytarp@cyberspace.org wrote:
> > > >Buffer overflows which work on Linux do not work on
> > > > FreeBSD.
> > >
> > > You need to qualify that statement. Yes, there are some
> > > that will not be relevant and the exact same exploit code
> > > will not work. But "Buffer overflows which work on Linux
> > > do not work on FreeBSD" is dangerously misleading.... In the
> > > case of wu-ftpd there have been several issues in the past
> > > that affected both FreeBSD and Linux. Same bug, different
> > > exploit code, both vulnerable. That being said, I haven't
> > > had a chance to review this one so I don't know.
> >
> > No, you're wrong. Even a different COMPILER -- let alone a
> > different OPERATING SYSTEM -- can make buffer overflows not
> > work.
> >
> > _______________________________________________
> > freebsd-security@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-security
> > To unsubscribe, send any mail to
> > "freebsd-security-unsubscribe@freebsd.org"
> >