Re: [Matt Crawford <crawdad@fnal.gov>] glob vulnerability? vulnerability in krb5-ftpd

To: debian-devel@lists.debian.org
Cc: debian-user@lists.debian.org
Subject: Re: [Matt Crawford <crawdad@fnal.gov>] glob vulnerability? vulnerability in krb5-ftpd
From: Sam Hartman <hartmans@debian.org>
Date: 02 Dec 2001 21:11:08 -0500
Message-id: <[🔎] tslzo51oxxf.fsf@loggerhead.mekinok.com>
In-reply-to: <tsl3d2x5icl.fsf@tir-na-nogth.mit.edu>
References: <tsl3d2x5icl.fsf@tir-na-nogth.mit.edu>

>>>>> "Sam" == Sam Hartman <hartmans@debian.org> writes:

    Sam> I hope to have either a statement we are not vulnerable or an
    Sam> upload in incoming by next dinstall run.

It turns out there are definitely some pointer handling bugs in
krb5-ftpd.  However you can only use them to read from a null pointer
or to get your client out of sync with the server.  These are annoying
bugs and will be fixed in the next upstream release.  However, they
cannot be exploited.

The double-free bug does not exist in the Kerberos sources.

Reply to:

Prev by Date: Re: No problem with staroffice 6.0b (was: Debian woody with Openoffice. Can not install)
Next by Date: Re: printing problems
Previous by thread: Re: printing problems
Next by thread: /etc/fstab configuration
Index(es):
- Date
- Thread