From owner-freebsd-security Wed Apr 11 10:46:18 2001 Delivered-To: freebsd-security@freebsd.org Received: from mirage.nlink.com.br (mirage.nlink.com.br [200.249.195.3]) by hub.freebsd.org (Postfix) with SMTP id CEEFD37B424 for ; Wed, 11 Apr 2001 10:46:09 -0700 (PDT) (envelope-from paulo@nlink.com.br) Received: (qmail 12537 invoked by uid 501); 11 Apr 2001 17:46:05 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 11 Apr 2001 17:46:05 -0000 Date: Wed, 11 Apr 2001 14:46:05 -0300 (EST) From: Paulo Fragoso To: "Alexey V. Neyman" Cc: Anton Vladimirov , Subject: Re: ftp vulnerability In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi, How to patch FBSD 3.x and FBSD 4.x (for this DOS) withou make all in /usr/src? Are there any simple patch to ftpd used in FBSD 3.x and FBSD 4.x? Thanks, Paulo. On Wed, 11 Apr 2001, Alexey V. Neyman wrote: > Good day, Anton! > > When this hole was patched, libc was also corrected, so you'll need to > update it too. The least painful way will be CVSup, IMHO. > > # Alexey > > On Wed, 11 Apr 2001, Anton Vladimirov wrote: > > >Hello security, > > > > I run FreeBSD 4.0-RELEASE with all security patches applied. > > Could anyone clearly explain how to fix the recent > > ftpd hole for this version? > > > > I downloaded the sources of ftpd from the 4.2-CURRENT > > release, but how to install it? > > > > I do the following: > >============================================= > >bash-2.03# make depend > >yacc -o ftpcmd.c ftpcmd.y > >yacc: w - the symbol ext_arg is undefined > >rm -f .depend > >mkdep -f .depend -a -DSETPROCTITLE -DSKEY -DLOGIN_CAP -DVIRTUAL_HOSTING -DINET6 -I/usr/src/libexec/ftpd -Dmain=ls_main -I/usr/src/libexec/c > >cd /usr/src/libexec/ftpd; make _EXTRADEPEND > >echo ftpd: /usr/lib/libc.a /usr/lib/libskey.a /usr/lib/libmd.a /usr/lib/libcrypt.a /usr/lib/libutil.a /usr/lib/libpam.a >> .depend > >bash-2.03# make > >Warning: Object directory not changed from original /usr/src/libexec/ftpd > >cc -O -pipe -DSETPROCTITLE -DSKEY -DLOGIN_CAP -DVIRTUAL_HOSTING -Wall -DINET6 -I/usr/src/libexec/ftpd -Dmain=ls_main -I/usr/src/libexec/ftpd/c > >ftpd.c: In function `send_file_list': > >ftpd.c:2673: `GLOB_MAXPATH' undeclared (first use in this function) > >ftpd.c:2673: (Each undeclared identifier is reported only once > >ftpd.c:2673: for each function it appears in.) > >ftpd.c:2662: warning: variable `dout' might be clobbered by `longjmp' or `vfork' > >ftpd.c:2663: warning: variable `dirlist' might be clobbered by `longjmp' or `vfork' > >ftpd.c:2664: warning: variable `simple' might be clobbered by `longjmp' or `vfork' > >ftpd.c:2665: warning: variable `freeglob' might be clobbered by `longjmp' or `vfork' > >*** Error code 1 > > > >Stop in /usr/src/libexec/ftpd. > >================================================== > > > >Where am I mistaken? > > > > > >-- > >Best regards, > > Anton mailto:admin128@mail.ru > > > > > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org > >with "unsubscribe freebsd-security" in the body of the message > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > -- __O _-\<,_ Why drive when you can bike? (_)/ (_) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message