NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Linux Security Auditing Project> 2000-q2

Subject: Re: Evilness in gssftp/ftpd
From: Kev (klmitchMIT.EDU)
Date: Thu Jun 29 2000 - 21:21:03 CDT

Next message: Horst von Brand: "Re: static analysis"
Previous message: lamonticopyright.com: "Evilness in gssftp/ftpd"
In reply to: lamonticopyright.com: "Evilness in gssftp/ftpd"
Next in thread: Horst von Brand: "Re: static analysis"
Reply: Kev: "Re: Evilness in gssftp/ftpd"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> krb5-1.1.1/src/appl/gssftp/ftpd
>
> check out secure_error(), reply(), lreply(), secure_fprintf() and
> retrieve()

Could you redirect to krb5-1.2? It was recently released, and should have
the most up-to-date set of security fixes. I think there are other bugs
in it at present, so I imagine there will be a patchlevel release in the
near future; get it audited now, and it'll be a lot happier ;)

-- 
Kevin L. Mitchell <klmitchmit.edu>

Next message: Horst von Brand: "Re: static analysis"
Previous message: lamonticopyright.com: "Evilness in gssftp/ftpd"
In reply to: lamonticopyright.com: "Evilness in gssftp/ftpd"
Next in thread: Horst von Brand: "Re: static analysis"
Reply: Kev: "Re: Evilness in gssftp/ftpd"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]