Return to BSD News archive
Path: sserve!newshost.anu.edu.au!munnari.oz.au!network.ucsd.edu!usc!elroy.jpl.nasa.gov!ames!olivea!mintaka.lcs.mit.edu!ai-lab!hal.gnu.ai.mit.edu!not-for-mail From: mycroft@hal.gnu.ai.mit.edu (Charles Hannum) Newsgroups: comp.os.386bsd.apps Subject: Re: Security loophole in Wuarchive ftpd Message-ID: <1qnvq5$1u2b@hal.gnu.ai.mit.edu> Date: 17 Apr 93 04:07:33 GMT References: <g89r4222.734731445@kudu> Organization: dis Lines: 17 NNTP-Posting-Host: hal.ai.mit.edu In article <g89r4222.734731445@kudu> g89r4222@kudu.ru.ac.za (Geoff Rehmet) writes: > > Sources, suitably patched for 386bsd, of the Wuarchive ftpd were > made available for 386bsd a while ago. > > THESE SOURCES DO MANIFEST THE SECURITY LOOPHOLE MENTIONED BELOW. The sources I made available have since been patched. Anyone who has downloaded `ftpd+2' from my FTP server and installed it is safe (from this hole, at least; I make no promises). -- \ / Charles Hannum, mycroft@ai.mit.edu /\ \ PGP public key available on request. MIME, AMS, NextMail accepted. Scheme White heterosexual atheist male (WHAM) pride!