remotely exploitable vulnerability in lukemftpd / tnftpd
Jacques A. Vidrine
nectar at FreeBSD.org
Tue Aug 17 11:47:36 PDT 2004
Hi Everyone,
http://vuxml.freebsd.org/c4b025bb-f05d-11d8-9837-000c41e2cdad.html
A critical vulnerability was found in lukemftpd, which shipped with some
FreeBSD versions (4.7 and later). However, with the exception of
FreeBSD 4.7, lukemftpd was not built and installed by default. So,
unless you are running FreeBSD 4.7-RELEASE or specified WANT_LUKEMFTP
when building FreeBSD from source, you should not have lukemftpd
installed.
Even in FreeBSD 4.7, lukemftpd was installed but not enabled.
More details will be available in a FreeBSD advisory to follow.
Cheers,
--
Jacques Vidrine / nectar at celabo.org / jvidrine at verio.net / nectar at freebsd.org
More information about the freebsd-security
mailing list