From owner-freebsd-security Wed Sep 15 19:28:17 1999 Delivered-To: freebsd-security@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 7C80C153B8 for ; Wed, 15 Sep 1999 19:28:13 -0700 (PDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id UAA75354; Wed, 15 Sep 1999 20:28:12 -0600 (MDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id UAA17782; Wed, 15 Sep 1999 20:27:36 -0600 (MDT) Message-Id: <199909160227.UAA17782@harmony.village.org> To: "Kelsey Cummings" Subject: Re: FreeBSD Vulnerabilities in wu-ftpd and proftpd (J-068) Cc: freebsd-security@FreeBSD.ORG In-reply-to: Your message of "Wed, 15 Sep 1999 14:17:59 PDT." <0e6f01beffbf$c991bb00$33f9c9d0@neteze.com> References: <0e6f01beffbf$c991bb00$33f9c9d0@neteze.com> Date: Wed, 15 Sep 1999 20:27:36 -0600 From: Warner Losh Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- In message <0e6f01beffbf$c991bb00$33f9c9d0@neteze.com> "Kelsey Cummings" writes: : Is checking out the lastest verision of wu-ftpd (wu-ftpd-2.4.2-vr17?) from : the ports collection (cvs co wu-ftpd) fix this vulnerablity, I'm relatively : new to this and it wasn't clear in the bulitin what versions were affected, : only that those previous to August 30, 1999 are. Thanks. proftpd is still broken. Don't use it. If you build the wu-ftpd port checked out after August 30, 1999 then you are safe. Otherwise you likely aren't. Many old versions of wu-ftpd are vulnerable. The exact details are available at ftp://ftp.wu-ftpd.org/pub/wu-ftpd/2.5.0.Security.Update.asc Warner Losh FreeBSD Security Officer -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia Charset: noconv Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface iQCVAwUBN+BVj1UuHi5z0oilAQESGwP8CQNDDGvI60pwG/On0tHluPU6GpwFkEVx QpEFbejj2FYbYi8oFqsh7h+eRIqJM0pLDI1TEEOhn0WNZ7u9PmJGClII0qFP9fPK MukYUkfvatk2NABE5QhupTu3uzhoxYfEcftChD0HCAmv/ARud2BFVaat87gxGXwL 3Nz8RTpa63Q= =6sJu -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message