Date: Mon, 02 Oct 2000 17:43:10 -0600
From: Brett Glass <brett@lariat.org>
To: Kris Kennaway <kris@FreeBSD.org>
Cc: Alex Charalabidis <alex@wnm.net>, "Chris D . Faulhaber" <jedgar@fxp.org>, security@FreeBSD.org
Subject: Re: ftpd bug in FreeBSD through at least 3.4
Message-ID: <4.3.2.7.2.20001002173916.046c16f0@localhost>
In-Reply-To: <20001002143917.B22329@freefall.freebsd.org>
References: <4.3.2.7.2.20001002125825.00de8f00@localhost> <4.3.2.7.2.20001002123113.049344d0@localhost> <Pine.BSF.4.21.0010021340020.90099-100000@earth.wnm.net> <4.3.2.7.2.20001002125825.00de8f00@localhost>

At 03:39 PM 10/2/2000, Kris Kennaway wrote:

>No, I think your client is expanding the %s locally and sending the
>junk to the server.

Kris:

I think you may be right here! The client may also be expanding the %s on the way BACK from the server. If this is the case, it is more serious because it means that a malicious server might be able to take over the client.

I am checking to see if there are holes in the server, too. So far, when I send the same strings to the server using good ol' Telnet the server seems to respond pretty much correctly. There are still some minor server glitches: Some error messages are sent twice instead of once, the command is always changed to all uppercase up to the first whitespace and then echoed back with this modification, and trailing whitespace at the ends of commands is not ignored. But while these things could use fixing, none of them are exploitable.

--Brett

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
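
The bug class under discussion in this message, a program handing a line received from its peer to a printf-style function as the format string, is shown below as an added example; it is not code from the FreeBSD ftp client or ftpd. The function names and the reply lines are constructed for illustration, and the demonstration uses only `%%`, which consumes no arguments, so its behaviour is fully defined.

```c
#include <stdio.h>
#include <string.h>

/* UNSAFE pattern: the peer's reply line is itself the format string,
 * so every '%' directive in it is interpreted by the local process. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
int show_reply_unsafe(char *out, size_t outlen, const char *reply)
{
    return snprintf(out, outlen, reply);
}
#pragma GCC diagnostic pop

/* SAFE pattern: constant format string; the reply is only ever data. */
int show_reply_safe(char *out, size_t outlen, const char *reply)
{
    return snprintf(out, outlen, "%s", reply);
}

/* Audit helper (hypothetical name): count conversion directives in a
 * line. "%%" is a literal percent sign and is not counted. */
int count_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') { s++; continue; }
        n++;
    }
    return n;
}

int main(void)
{
    /* Constructed reply lines, not captured from a real server. */
    const char *replies[] = { "550 100%% full: No such file or directory.",
                              "550 %s%s: No such file or directory." };
    char a[128], b[128];
    for (size_t i = 0; i < 2; i++) {
        int d = count_directives(replies[i]);
        show_reply_safe(b, sizeof b, replies[i]);
        printf("directives=%d safe=[%s]\n", d, b);
        if (d == 0) {   /* only exercise the unsafe path on harmless input */
            show_reply_unsafe(a, sizeof a, replies[i]);
            printf("unsafe=[%s]\n", a);   /* "%%" has collapsed to "%" */
        }
    }
    return 0;
}
```

Building with `-Wformat -Wformat-security` and without the pragmas makes the compiler flag the call in `show_reply_unsafe`, which is the quickest way to find this pattern in a client or server source tree.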