From owner-freebsd-security  Wed Apr 11  2:11:18 2001
Delivered-To: freebsd-security@freebsd.org
Received: from ajax1.sovam.com (ajax1.sovam.com [194.67.1.172])
	by hub.freebsd.org (Postfix) with ESMTP id 22F0237B423
	for <security@freebsd.org>; Wed, 11 Apr 2001 02:11:15 -0700 (PDT)
	(envelope-from admin128@mail.ru)
Received: from ts16-a439.dial.sovam.com ([195.239.4.185]:1966 "EHLO
	ts16-a439.dial.sovam.com" ident: "NO-IDENT-SERVICE[2]" whoson:
	"-unregistered-" smtp-auth: <none> TLS-CIPHER: <none> TLS-PEER: <none>)
	by ajax1.sovam.com with ESMTP id <S237154AbRDKJLF>;
	Wed, 11 Apr 2001 13:11:05 +0400
Date:	Wed, 11 Apr 2001 13:10:04 +0400
From: Anton Vladimirov <admin128@mail.ru>
X-Mailer: The Bat! (v1.47 Halloween Edition)
Reply-To: Anton Vladimirov <admin128@mail.ru>
Organization: FBSD Administration Center
X-Priority: 3 (Normal)
Message-ID: <15739596567.20010411131004@mail.ru>
To: security@freebsd.org
Subject: ftp vulnerability
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hello security,

  I run FreeBSD 4.0-RELEASE with all security patches applied.
  Could anyone clearly explain how to fix the recent
  ftpd hole for this version?

  I downloaded the sources of ftpd from the 4.2-CURRENT
  release, but how to install it?

  I do the following:
=============================================
bash-2.03# make depend
yacc  -o ftpcmd.c ftpcmd.y
yacc: w - the symbol ext_arg is undefined
rm -f .depend
mkdep -f .depend -a    -DSETPROCTITLE -DSKEY -DLOGIN_CAP -DVIRTUAL_HOSTING -DINET6 -I/usr/src/libexec/ftpd -Dmain=ls_main -I/usr/src/libexec/c
cd /usr/src/libexec/ftpd; make _EXTRADEPEND
echo ftpd: /usr/lib/libc.a /usr/lib/libskey.a /usr/lib/libmd.a /usr/lib/libcrypt.a /usr/lib/libutil.a /usr/lib/libpam.a >> .depend
bash-2.03# make
Warning: Object directory not changed from original /usr/src/libexec/ftpd
cc -O -pipe -DSETPROCTITLE -DSKEY -DLOGIN_CAP -DVIRTUAL_HOSTING -Wall -DINET6 -I/usr/src/libexec/ftpd -Dmain=ls_main -I/usr/src/libexec/ftpd/c
ftpd.c: In function `send_file_list':
ftpd.c:2673: `GLOB_MAXPATH' undeclared (first use in this function)
ftpd.c:2673: (Each undeclared identifier is reported only once
ftpd.c:2673: for each function it appears in.)
ftpd.c:2662: warning: variable `dout' might be clobbered by `longjmp' or `vfork'
ftpd.c:2663: warning: variable `dirlist' might be clobbered by `longjmp' or `vfork'
ftpd.c:2664: warning: variable `simple' might be clobbered by `longjmp' or `vfork'
ftpd.c:2665: warning: variable `freeglob' might be clobbered by `longjmp' or `vfork'
*** Error code 1

Stop in /usr/src/libexec/ftpd.
==================================================

Where am I mistaken?
  

-- 
Best regards,
 Anton                          mailto:admin128@mail.ru



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message