WU FTPD

Lucas Holt luke at foolishgames.com
Thu Jul 31 11:18:34 PDT 2003


There was a vulnerability released today in wu ftpd and I'm unclear if 
this would affect the software running on a freebsd system.  It appears 
to cause problems on linux 2.4.x kernels but not older kernels due to 
the way the compiler works.  Does anyone know if this problem is 
exploitable on freebsd?  If not, where should I ask this question?

Here's the header included in the advisory with links.

Synopsis:	wu-ftpd fb_realpath() off-by-one bug
Product:	wu-ftpd
Version: 	2.5.0 <= 2.6.2
Vendor:		http://www.wuftpd.org/

URL:		http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt
CVE:            
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0466
Author:		Wojciech Purczynski <cliph at isec.pl>
		Janusz Niewiadomski <funkysh at isec.pl>
Date:		July 31, 2003


Lucas Holt
Luke at FoolishGames.com
________________________________________________________
FoolishGames.com  (Jewel Fan Site)
JustJournal.com (Free blogging)

"Only two things are infinite, the universe and human stupidity, and 
I'm not sure about the former."
- Albert Einstein (1879-1955)



More information about the freebsd-questions mailing list