Date: Fri, 30 Nov 2001 23:29:48 -0500 (EST) From: Jason Hunt <leth@primus.ca> To: Krzysztof Zaraska <kzaraska@student.uci.agh.edu.pl> Cc: Konrad Heuer <kheuer@gwdu60.gwdg.de>, <freebsd-security@FreeBSD.ORG> Subject: Re: ISSalert: ISS Security Alert: WU-FTPD Heap Corruption Vulnerability (fwd) Message-ID: <Pine.BSF.4.40.0111302326120.9057-100000@lethargic.dyndns.org> In-Reply-To: <20011130111138.7a26b526.kzaraska@student.uci.agh.edu.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
I am running an older 4.4-STABLE which was last cvsup'd probably in late
July, and a newer 4.4-STABLE from mid-November, both of which are not
vulnerable.
On Fri, 30 Nov 2001, Krzysztof Zaraska wrote:
> On Fri, 30 Nov 2001 09:53:13 +0100 (CET) Konrad Heuer wrote:
>
> > Any opinions whether wu-ftpd on FreeBSD is vulnerable too? To my mind,
> it
> > seems so.
> The advisory by Dave Ahmad/Securityfocus.com (see BUGTRAQ archives) says
> that you can check if you are vulnerable by logging into FTP server and
> doing
> ftp> ls ~{
> if this segfaults, you are vulnerable.
>
> I don't have any machine running wu-ftpd at hand, unfortunately.
>
> The diffs from Red Hat patch were already published on this list.
>
> Regards,
> Krzysztof
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.40.0111302326120.9057-100000>