Re: Fw: Remote bufferoverflow exploit for ftpd from AIX 4.3.2

From: Keith Stevenson (k.stevensonat_private)
Date: Wed Sep 29 1999 - 13:30:47 PDT

Next message: Eric Griffis: "Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy]"

Previous message: Troy A. Bollinger: "Re: Fw: Remote bufferoverflow exploit for ftpd from AIX 4.3.2"
Next in thread: Gerrie: "Re: Fw: Remote bufferoverflow exploit for ftpd from AIX 4.3.2"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Sep 29, 1999 at 01:00:32PM +0100, W.H.J.Pinckaers wrote:
>
>
> At this time: NO, but please make sure you are vulnerable first, we
> did discover that this bug is very specific for AIX 4.3.2. (Most other
> AIX versions aren't vulnerable to this particular bug)

The version of ftpd contained in bos.net.tcp.client v. 4.3.2.7 seems to
be vulnerable.  A quick check of IBM's software site shows that
v. 4.3.2.10 seems to be the latest version of that fileset.  I have no idea
whether or not it is vulnerable though.

Regards,
--Keith Stevenson--

--
Keith Stevenson
System Programmer - Data Center Services - University of Louisville
k.stevensonat_private
PGP key fingerprint =  4B 29 A8 95 A8 82 EA A2  29 CE 68 DE FC EE B6 A0

Next message: Eric Griffis: "Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy]"
Previous message: Troy A. Bollinger: "Re: Fw: Remote bufferoverflow exploit for ftpd from AIX 4.3.2"
Next in thread: Gerrie: "Re: Fw: Remote bufferoverflow exploit for ftpd from AIX 4.3.2"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:05:55 PDT