
Re: [Matt Crawford <crawdad@fnal.gov>] glob vulnerability? vulnerability in krb5-ftpd

>>>>> "Sam" == Sam Hartman <hartmans@debian.org> writes:

    Sam> I hope to have either a statement we are not vulnerable or an
    Sam> upload in incoming by next dinstall run.

It turns out there are definitely some pointer handling bugs in
krb5-ftpd.  However, you can only use them to read from a null pointer
or to get your client out of sync with the server.  These are annoying
bugs and will be fixed in the next upstream release.  However, they
cannot be exploited.

The double-free bug does not exist in the Kerberos sources.
