Date: Tue, 03 Oct 2000 10:18:47 -0600 From: Brett Glass <brett@lariat.org> To: Max Khon <fjoe@iclub.nsu.ru>, Neil Blakey-Milner <nbm@mithrandr.moria.org> Cc: "Chris D . Faulhaber" <jedgar@fxp.org>, security@FreeBSD.ORG Subject: Re: ftpd bug in FreeBSD through at least 3.4 Message-ID: <4.3.2.7.2.20001003094705.04c60580@localhost> In-Reply-To: <Pine.BSF.4.21.0010031215170.25765-100000@iclub.nsu.ru> References: <20001002204526.A58098@mithrandr.moria.org>
next in thread | previous in thread | raw e-mail | index | archive | help
At 11:20 PM 10/2/2000, Max Khon wrote: >> Using binary mode to transfer files. >> ftp> quot %s%s%s%s >> 500 '%S%S%S%S': command not understood. >> >> A 3.4 ftp client to 'futon' also segfaults. The ftp server doesn't >> segfault in the cases I've tried. > >this was fixed in HEAD, RELENG_4 and RELENG_3 on Jun 23 2000 >(cmds.c 1.17, 1.16.2.1 and 1.14.2.3) > >/fjoe This fixes the bug in the client, which goes ALL THE WAY BACK to Berkeley ftp of ages past. I believe that this is the source of the problem in the Microsoft client, too, as it is BSD-derived. Don't know about the Linux code, but I would not be surprised if it were cribbed from BSD (possibly without attribution -- and, if so, in violation of the BSD license). I am beginning to think that this bug exists in a very large percentage of the command line ftp clients in the world. Am still checking out various servers. Some do behave strangely when fed strings with %s and (especially) %n. --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.3.2.7.2.20001003094705.04c60580>