Wu-ftpd FTP server contains remotely exploitable off-by-one bug
Jacques A. Vidrine
nectar at FreeBSD.org
Thu Jul 31 15:41:18 PDT 2003
On Thu, Jul 31, 2003 at 11:35:53AM -0700, John Fox wrote:
> Hello,
>
> I see in BugTraq that there's yet another problem with Wu-ftpd, but I see
> no mention of it in the freebsd-security mailing list archives...I have
> searched the indexes from all of June and July.
>
> Wu is pretty widely used, so I'm surprised that nobody seems to have
> mentioned this problem in this forum.
>
> The notice on BugTraq mentioned only Linux, not FreeBSD, but that's no
> reason to assume that FreeBSD machines aren't vulnerable, too. Which is
> why I am confused as to the lack of discussion of this matter.
>
> Can anyone shed some light on this?
Hmm.
The issue was scheduled to be made public at 12:00 pm EDT today.
Daniel Harris <dannyboy at FreeBSD.org> committed the fix to the FreeBSD
Ports Collection around 12:07 pm EDT today.
This issue will be rolled into the next FreeBSD Security Notice
(probably Monday --- serious problems like this tend to `trigger' a
notice).
If you want to bitch at someone, bitch at the wu-ftpd.org guys for
ignoring the reported bug for two months.
Cheers,
--
Jacques Vidrine . NTT/Verio SME . FreeBSD UNIX . Heimdal
nectar at celabo.org . jvidrine at verio.net . nectar at freebsd.org . nectar at kth.se
More information about the freebsd-security
mailing list