On Monday 29 Apr 2002 4:55 am, warchildspoofed.org wrote:
> Greetings,
>
>[snipped]
>
> Sure, a skilled attacker making a directed attack against, say, a Solaris
> or OpenBSD box running wu-ftpd could most likely gain complete control, but
> I can't recall any reports of such attacks.

The wuftpd vulnerability utilises a free() of user-controllable memory but
due to the way OpenBSD / FreeBSD implements malloc() / free() functions it is
not vulnerable to remote command execution.

-jamie.

---------------------------------------------------------------------
To unsubscribe, e-mail: honeypots-unsubscribesecurityfocus.com
For additional commands, e-mail: honeypots-helpsecurityfocus.com
---------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert
(SIA) Service. For more information on SecurityFocus' SIA service
which automatically alerts you to the latest security vulnerabilities.
Please, see: https://alerts.securityfocus.com/

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]