Date: Mon, 26 Apr 1999 10:29:04 -0500 (CDT) From: Igor Roshchin <igor@physics.uiuc.edu> To: freebsd-security@FreeBSD.ORG Subject: wu-ftpd: is there a vulnerability ? (was: Re: limit ftp users to their homedir) Message-ID: <199904261529.KAA17354@alecto.physics.uiuc.edu>
next in thread | raw e-mail | index | archive | help
Time to time somebody mentions that the current version of the wu-ftpd is vulnerable (e.g. see below). Unless I missed something, there was no postings about that on this (freebsd-security) mailing list about that. Also, as it was explained earlier (sorry, I don't remember who it was, probably Satoshi Asami ?) wu-ftpd on FreeBSD was not vulnerable to the most recent (realpath function) vulnerability due to specifics of FreeBSD's implementation of the realpath function. So, I hope that either Warner Losh, or Satoshi Asami, or Andrey Chernov can confirm the current state of the wu-ftpd port. Also, it would be really helpful (I asked this earlier but it was not noticed) to know what was the latest vulnerable version of wu-ftpd on FreeBSD ? Regards, Igor ----- Forwarded message from Fernando Schapachnik ----- I use wu-ftpd for this and works nice. I also has some other features. There is and exploit for the current version -I think it keeps on being the current- so you can get wu-ftpd-VR from another vendor. Sorry I don't recall the URL, but you can find it easily on the Web. <..> ----- End of forwarded message from Fernando Schapachnik ----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199904261529.KAA17354>