From owner-freebsd-security Tue Apr 10 16:39: 2 2001 Delivered-To: freebsd-security@freebsd.org Received: from beast.daemontech.com (beast.daemontech.com [208.135.51.45]) by hub.freebsd.org (Postfix) with SMTP id E5AB737B422 for ; Tue, 10 Apr 2001 16:38:58 -0700 (PDT) (envelope-from nmh@daemontech.com) Received: (qmail 39173 invoked for bounce); 10 Apr 2001 23:38:59 -0000 Received: from xwin.daemontech.net (208.135.51.161) by beast.daemontech.com with SMTP; 10 Apr 2001 23:38:59 -0000 Message-ID: X-Mailer: XFMail 1.4.0 on FreeBSD X-Priority: 3 (Normal) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit MIME-Version: 1.0 In-Reply-To: <01041018392603.11342@descrypt.com> Date: Tue, 10 Apr 2001 16:38:59 -0700 (PDT) From: Nicole Harrington To: David Subject: Re: FTPD ... (to: alexus) Cc: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On 10-Apr-01 David wrote: > Easiest way is a simple "telnet 127.0.0.1 21" > read the banner... > Read the banner for what? I sure wish I could find out or have in the Cert advisory that FTP daemon version XX to XX is vulnerable. Does anyone know this information?? "We have corrected these bugs in FreeBSD 5.0-CURRENT and FreeBSD 4.2-STABLE" Current and Stable are a moving targets. How can people just say these things. I can assume, but we all know what that means. Stable as of When has the patches. I can get the ftpd patch were if I don't want to do a full cvsup?? From Cert Advisory: "FREEBSD is vulnerable to the glob-related bugs. We have corrected these bugs in FreeBSD 5.0-CURRENT and FreeBSD 4.2-STABLE, and they will not be present in FreeBSD 4.3-RELEASE." Nicole > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message ---------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message