Date: Mon, 30 Aug 1999 12:14:07 -0700 (PDT) From: Chris Piazza <cpiazza@FreeBSD.org> To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: ports/ftp/wu-ftpd Makefile ports/ftp/wu-ftpd/files md5 Message-ID: <199908301914.MAA89802@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
cpiazza 1999/08/30 12:14:07 PDT
Modified files:
ftp/wu-ftpd Makefile
ftp/wu-ftpd/files md5
Log:
Add a PATCH_FILE to close a security hole in wu-ftpd.
Quoted from wu-ftpd group's accouncement:
Due to insufficient bounds checking on directory name lengths which can
be supplied by users, it is possible to overwrite the static memory
space of the wu-ftpd daemon while it is executing under certain
configurations. By having the ability to create directories and
supplying carefully designed directory names to the wu-ftpd, users may
gain privileged access.
PR: 13475
Submitted by: jack@germanium.xtalwind.net
Revision Changes Path
1.29 +4 -1 ports/ftp/wu-ftpd/Makefile
1.20 +1 -0 ports/ftp/wu-ftpd/files/md5
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199908301914.MAA89802>