OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Re: [Full-disclosure] FreeBSD and OpenBSD ftpd bug (not exploitable?)

From: Patrick Lamaiziere (patfbsddavenulle.org)
Date: Sun Mar 07 2010 - 12:07:04 CST


Le Fri, 05 Mar 2010 16:19:12 +0100,
Kingcope <kcope2googlemail.com> a écrit :

> FreeBSD ftpd globbing bug - null pointer dereference ?
>
> Affected FreeBSD Releases
> +-+-+-+-+-+-+-+-+-+
> FreeBSD 8.0, 6.3 and 4.9
>
> Affected OpenBSD Releases
> +-+-+-+-+-+-+-+-+-+
> OpenBSD 4.6

I think NetBSD (Lukemftpd) is affected too
http://cvsweb.netbsd.org/bsdweb.cgi/src/libexec/ftpd/popen.c

Did you report this to {Free|Open|Net}BSD?

Regards.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/