Date: Wed, 11 Apr 2001 14:46:05 -0300 (EST) From: Paulo Fragoso <paulo@nlink.com.br> To: "Alexey V. Neyman" <avn@any.ru> Cc: Anton Vladimirov <admin128@mail.ru>, <security@FreeBSD.ORG> Subject: Re: ftp vulnerability Message-ID: <Pine.BSF.4.33.0104111444040.9383-100000@mirage.nlink.com.br> In-Reply-To: <Pine.BSF.4.33.0104111346370.56094-100000@srv2.any>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, How to patch FBSD 3.x and FBSD 4.x (for this DOS) withou make all in /usr/src? Are there any simple patch to ftpd used in FBSD 3.x and FBSD 4.x? Thanks, Paulo. On Wed, 11 Apr 2001, Alexey V. Neyman wrote: > Good day, Anton! > > When this hole was patched, libc was also corrected, so you'll need to > update it too. The least painful way will be CVSup, IMHO. > > # Alexey > > On Wed, 11 Apr 2001, Anton Vladimirov wrote: > > >Hello security, > > > > I run FreeBSD 4.0-RELEASE with all security patches applied. > > Could anyone clearly explain how to fix the recent > > ftpd hole for this version? > > > > I downloaded the sources of ftpd from the 4.2-CURRENT > > release, but how to install it? > > > > I do the following: > >============================================= > >bash-2.03# make depend > >yacc -o ftpcmd.c ftpcmd.y > >yacc: w - the symbol ext_arg is undefined > >rm -f .depend > >mkdep -f .depend -a -DSETPROCTITLE -DSKEY -DLOGIN_CAP -DVIRTUAL_HOSTING -DINET6 -I/usr/src/libexec/ftpd -Dmain=ls_main -I/usr/src/libexec/c > >cd /usr/src/libexec/ftpd; make _EXTRADEPEND > >echo ftpd: /usr/lib/libc.a /usr/lib/libskey.a /usr/lib/libmd.a /usr/lib/libcrypt.a /usr/lib/libutil.a /usr/lib/libpam.a >> .depend > >bash-2.03# make > >Warning: Object directory not changed from original /usr/src/libexec/ftpd > >cc -O -pipe -DSETPROCTITLE -DSKEY -DLOGIN_CAP -DVIRTUAL_HOSTING -Wall -DINET6 -I/usr/src/libexec/ftpd -Dmain=ls_main -I/usr/src/libexec/ftpd/c > >ftpd.c: In function `send_file_list': > >ftpd.c:2673: `GLOB_MAXPATH' undeclared (first use in this function) > >ftpd.c:2673: (Each undeclared identifier is reported only once > >ftpd.c:2673: for each function it appears in.) > >ftpd.c:2662: warning: variable `dout' might be clobbered by `longjmp' or `vfork' > >ftpd.c:2663: warning: variable `dirlist' might be clobbered by `longjmp' or `vfork' > >ftpd.c:2664: warning: variable `simple' might be clobbered by `longjmp' or `vfork' > >ftpd.c:2665: warning: variable `freeglob' might be clobbered by `longjmp' or `vfork' > >*** Error code 1 > > > >Stop in /usr/src/libexec/ftpd. > >================================================== > > > >Where am I mistaken? > > > > > >-- > >Best regards, > > Anton mailto:admin128@mail.ru > > > > > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org > >with "unsubscribe freebsd-security" in the body of the message > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > -- __O _-\<,_ Why drive when you can bike? (_)/ (_) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.33.0104111444040.9383-100000>