Jacques A. Vidrine
2004-Aug-17 11:47 UTC
remotely exploitable vulnerability in lukemftpd / tnftpd
Hi Everyone, http://vuxml.freebsd.org/c4b025bb-f05d-11d8-9837-000c41e2cdad.html A critical vulnerability was found in lukemftpd, which shipped with some FreeBSD versions (4.7 and later). However, with the exception of FreeBSD 4.7, lukemftpd was not built and installed by default. So, unless you are running FreeBSD 4.7-RELEASE or specified WANT_LUKEMFTP when building FreeBSD from source, you should not have lukemftpd installed. Even in FreeBSD 4.7, lukemftpd was installed but not enabled. More details will be available in a FreeBSD advisory to follow. Cheers, -- Jacques Vidrine / nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org
Chuck Swiger
2004-Aug-17 14:14 UTC
remotely exploitable vulnerability in lukemftpd / tnftpd
Jacques A. Vidrine wrote: [ ... ]> Even in FreeBSD 4.7, lukemftpd was installed but not enabled. > > More details will be available in a FreeBSD advisory to follow.Hi, Jacques-- Is this related to NetBSD Security Advisory 2004-009, at: ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2004-009.txt.asc? More importantly, is FreeBSD's stock ftpd also affected, or just lukemftpd? -- -Chuck