Date: Tue, 17 Aug 2004 16:16:27 -0500 From: "Jacques A. Vidrine" <nectar@FreeBSD.org> To: Chuck Swiger <cswiger@mac.com> Cc: freebsd-security@freebsd.org Subject: Re: remotely exploitable vulnerability in lukemftpd / tnftpd Message-ID: <20040817211627.GA47375@madman.celabo.org> In-Reply-To: <41227528.10001@mac.com> References: <20040817184725.GE46244@madman.celabo.org> <41227528.10001@mac.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Aug 17, 2004 at 05:14:16PM -0400, Chuck Swiger wrote: > Jacques A. Vidrine wrote: > [ ... ] > >Even in FreeBSD 4.7, lukemftpd was installed but not enabled. > > > >More details will be available in a FreeBSD advisory to follow. > > Hi, Jacques-- > > Is this related to NetBSD Security Advisory 2004-009, at: > ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2004-009.txt.asc? Yes, same issue. > More importantly, is FreeBSD's stock ftpd also affected, or just lukemftpd? Just lukemftpd. Przemyslaw's advisory has more details. http://lists.netsys.com/pipermail/full-disclosure/2004-August/025418.html Cheers, -- Jacques Vidrine / nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040817211627.GA47375>