Date: Fri, 30 Nov 2001 23:29:48 -0500 (EST)
From: Jason Hunt
To: Krzysztof Zaraska
Cc: Konrad Heuer
Subject: Re: ISSalert: ISS Security Alert: WU-FTPD Heap Corruption Vulnerability (fwd)
In-Reply-To: <20011130111138.7a26b526.kzaraska@student.uci.agh.edu.pl>
Sender: owner-freebsd-security@FreeBSD.ORG

I am running an older 4.4-STABLE which was last cvsup'd probably in late
July, and a newer 4.4-STABLE from mid-November, both of which are not
vulnerable.

On Fri, 30 Nov 2001, Krzysztof Zaraska wrote:

> On Fri, 30 Nov 2001 09:53:13 +0100 (CET) Konrad Heuer wrote:
>
> > Any opinions whether wu-ftpd on FreeBSD is vulnerable too? To my mind, it
> > seems so.
> The advisory by Dave Ahmad/Securityfocus.com (see BUGTRAQ archives) says
> that you can check if you are vulnerable by logging into FTP server and
> doing
> ftp> ls ~{
> if this segfaults, you are vulnerable.
>
> I don't have any machine running wu-ftpd at hand, unfortunately.
>
> The diffs from Red Hat patch were already published on this list.
>
> Regards,
> Krzysztof
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message