> The wuftpd vulnerability utilises a free() of user-controllable memory but
> due to the way OpenBSD / FreeBSD implements malloc() / free() functions it is
> not vulnerable to remote command execution.
>
> -jamie.

Since that appears to be the case (I just built wu-ftpd on openbsd to
double check), that would explain why I haven't heard anything about it.

Back to the drawing board.

Thanks for the heads up,

-jon

---------------------------------------------------------------------
To unsubscribe, e-mail: honeypots-unsubscribesecurityfocus.com
For additional commands, e-mail: honeypots-helpsecurityfocus.com
---------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert
(SIA) Service. For more information on SecurityFocus' SIA service
which automatically alerts you to the latest security vulnerabilities.
Please, see: https://alerts.securityfocus.com/

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]