Bug 26727
| Summary: | glob() function bug in ftpd daemon: what is its status in v2.2.7 and v3.4 | ||
|---|---|---|---|
| Product: | Base System | Reporter: | paulchef <paulchef> |
| Component: | misc | Assignee: | freebsd-bugs (Nobody) <bugs> |
| Status: | Closed FIXED | ||
| Severity: | Affects Only Me | ||
| Priority: | Normal | ||
| Version: | Unspecified | ||
| Hardware: | Any | ||
| OS: | Any | ||
|
Description
paulchef
2001-04-20 10:10:00 UTC
On Fri, Apr 20, 2001 at 02:02:21AM -0700, paulchef@starwon.com.au wrote: > FreeBSD zeus.starwon.com.au 2.2.7-RELEASE FreeBSD 2.2.7-RELEASE #0: Mon Jul 31 1 > 1:25:57 WST 2000 louis@zeus.starwon.com.au:/usr/src/sys/compile/ZEUS i386 > zeus % > >Description: > COVERT labs at PGP security have found a bug in the glob function > for ftpd. You have said this will be fixed in v4.2. We are running > v2.2.7 and v3.4 very nicely here. Is the glob() problem happening in > those two versions. I also believe from reading the notes that this Sure. > is not a problem in the FTPD daemon but in the actual system glob() > function. Shame on you guys for not separating data and code into > different segments like (excuse me) Windows does? > Upgrade your systems to at least 3.5.1-STABLE or you can try to port this patch to your system by hand... if you like it. (If you see the page ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/ you can find much more security holes related to your systems. So, please think twice before porting patches.) Serg N. Voronkov. State Changed From-To: open->closed The PR database is for problem reports, not questions. The latter belong on the freebsd-questions@freebsd.org mailing list. On Fri, Apr 20, 2001 at 02:02:21AM -0700, paulchef@starwon.com.au wrote: > glob() function. Shame on you guys for not separating data and code > into different segments like (excuse me) Windows does? What on earth does this have to do with data and code segments? I don't think you know what you're talking about. Kris |
