Wu-ftpd FTP server contains remotely exploitable off-by-one bug

polytarp at cyberspace.org polytarp at cyberspace.org
Thu Jul 31 14:31:43 PDT 2003


On Thu, 31 Jul 2003 mike at sentex.net wrote:

> At 02:40 PM 31/07/2003 -0400, polytarp at cyberspace.org wrote:
> 
> 
> >Buffer overflows which work on Linux do not work on FreeBSD.
> 
> 
> You need to qualify that statement.  Yes, there are some that will not be 
> relevant and the exact same exploit code will not work.  But  "Buffer 
> overflows which work on Linux do not work on FreeBSD" is dangerously 
> misleading.... In the case of wu-ftpd there have been several issues in the 
> past that affected both FreeBSD and Linux.  Same bug, different exploit 
> code, both vulnerable.  That being said, I haven't had a chance to review 
> this one so I don't know.
> 

No, you're wrong. Even a different COMPILER -- let alone a different
OPERATING SYSTEM -- can make buffer overflows not work.


