Subject: Re: ftpd bug in FreeBSD through at least 3.4
From: Dave McKay (dave mu.org)
Date: Tue Oct 03 2000 - 03:38:15 CDT
- Next message: Jeroen Ruigrok van der Werven: "Re: ftpd bug in FreeBSD through at least 3.4"
- Previous message: fastsniff gmx.net: "(no subject)"
- In reply to: Brett Glass: "Re: ftpd bug in FreeBSD through at least 3.4"
- Next in thread: Roman Shterenzon: "Re: politeness [was: ftpd bug in FreeBSD through at least 3.4]"
- Next in thread: Warner Losh: "Re: ftpd bug in FreeBSD through at least 3.4"
- Reply: Dave McKay: "Re: ftpd bug in FreeBSD through at least 3.4"
- Reply: Roman Shterenzon: "Re: politeness [was: ftpd bug in FreeBSD through at least 3.4]"
- Reply: Brett Glass: "Re: ftpd bug in FreeBSD through at least 3.4"
Brett,
This bug was a non-issue from the start, why did you have to drag your results on
to the list? Wasn't it apparent after Warner said that they no longer support
older releases of FreeBSD due to resource shortness that the thread was pointless?
My second rant is, have you ever noticed WHENEVER you write into the list it's ALWAYS
the longest current thread running within a VERY short time? Do you think this is
because of your genius in the BSD OS field? Or perhaps it's due to your keen wits
being always about you when you write in. Please, and I mean this, DIE.
Brett Glass (brett lariat.org) wrote:
> At 03:39 PM 10/2/2000, Kris Kennaway wrote:
>
> >No, I think your client is expanding the %s locally and sending the
> >junk to the server.
>
> Kris:
>
> I think you may be right here! The client may also be expanding the
> %s on the way BACK from the server. If this is the case, it is
> more serious because it means that a malicious server might be
> able to take over the client.
>
> I am checking to see if there are holes in the server, too. So
> far, when I send the same strings to the server using good ol'
> Telnet the server seems to respond pretty much correctly. There
> are still some minor server glitches: Some error messages are sent
> twice instead of once, the command is always changed to all uppercase
> up to the first whitespace and then echoed back with this modification,
> and trailing whitespace at the ends of commands is not ignored. But
> while these things could use fixing, none of them are exploitable.
>
> --Brett
>
>
>
> To Unsubscribe: send mail to majordomo FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
--
Dave McKay
Network Engineer - Google Inc.
dave mu.org - dave google.com
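The quoted exchange turns on whether the FTP client interprets "%s" in text it receives as a printf directive. The C sketch below is an added example, not code from this thread or from FreeBSD's ftp or ftpd; the function names and the sample reply are constructed for illustration. It handles a reply strictly as data and flags replies that carry conversion directives.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Count printf-style conversion directives in a reply line.
 * "%%" is a literal percent sign and a lone trailing '%' is ignored. */
int count_format_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') { s++; continue; }
        if (s[1] != '\0')
            n++;
    }
    return n;
}

/* The pattern under discussion is a call such as printf(reply), where the
 * peer's text becomes the format string. Here the peer's text is only ever
 * an argument to a constant format, and non-printable bytes are replaced so
 * a reply cannot send control sequences to the terminal.
 * Returns the number of bytes stored in dst, excluding the NUL. */
size_t render_reply_safe(char *dst, size_t dstlen, const char *reply)
{
    if (dstlen == 0)
        return 0;
    int n = snprintf(dst, dstlen, "%s", reply);
    if (n < 0) {
        dst[0] = '\0';
        return 0;
    }
    size_t len = (size_t)n < dstlen ? (size_t)n : dstlen - 1;
    for (size_t i = 0; i < len; i++)
        if (!isprint((unsigned char)dst[i]))
            dst[i] = '?';
    return len;
}

int main(void)
{
    /* Constructed sample reply, not captured from a real server. */
    const char *reply = "550 %s%s%n: No such file or directory.";
    char line[128];

    render_reply_safe(line, sizeof line, reply);
    printf("%d directive(s); shown as: %s\n",
           count_format_directives(reply), line);
    return 0;
}
```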