Re: Fw: Remote bufferoverflow exploit for ftpd from AIX 4.3.2

From: Bill Pemberton (wfp5pat_private)
Date: Wed Sep 29 1999 - 12:49:12 PDT

Next message: Carson Gaspar: "Re: ufsdump problem under Solaris 2.6 with ufs.c"

Previous message: Elias Levy: "WWWBoard"
Next in thread: Troy A. Bollinger: "Re: Fw: Remote bufferoverflow exploit for ftpd from AIX 4.3.2"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

W.H.J.Pinckaers writes:
>
> sq01at_private <sq01at_private> Wrote
>
> >Hi,
> > >
> > >Short of disabling ftpd completely, is there a work-around that will not
> > >affect our users ?
> > >
>
>
> At this time: NO, but please make sure you are vulnerable first, we
> did discover that this bug is very specific for AIX 4.3.2. (Most other
> AIX versions aren't vulnerable to this particular bug)
>

Actually, IBM does have an efix for this at:

ftp://aix.software.ibm.com/aix/efixes/security/ftpd.tar.Z


--
Bill Pemberton                                 wfp5pat_private
ITC/Unix Systems                               flashat_private
University of Virginia

Next message: Carson Gaspar: "Re: ufsdump problem under Solaris 2.6 with ufs.c"
Previous message: Elias Levy: "WWWBoard"
Next in thread: Troy A. Bollinger: "Re: Fw: Remote bufferoverflow exploit for ftpd from AIX 4.3.2"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:05:50 PDT