| Title: | SEAL |
| Moderator: | GALVIA::SMITH |
| Created: | Mon Mar 21 1994 |
| Last Modified: | Fri Jun 06 1997 |
| Last Successful Update: | Fri Jun 06 1997 |
| Number of topics: | 1989 |
| Total number of notes: | 8209 |
CERT has just published an advisory on vulnerabilities of ftpd.
The problem is in a race condition during signal handling.
This has originally been published by AUSTCERT on 29JAN97.
CERT* Advisory CA-97.16
Original issue date: May 29, 1997
There are already patches available for DU:
> ftp://ftp.service.digital.com/patches/public/dunix
>
> VERSION KIT ID SIZE CHECK SUM
> ------- ---------------- ------ --------------
> v3.2g SSRT0448U_v32g.tar 296960 32064 290
> v4.0 SSRT0448U_v40.tar 542720 07434 530
> v4.0a SSRT0448U_v40a.tar 542720 43691 530
> v4.0b SSRT0448U_v40b.tar 471040 45701 460
>
Would ftpxd be vulnerable the same way ftpd was?
Regards,
Chris Jankowski
Melbourne Australia
| T.R | Title | User | Personal Name | Date | Lines |
|---|---|---|---|---|---|
| 1978.1 | WOTVAX::16.42.4.61::[email protected] | I'm back - as a matter of fact | Mon Jun 02 1997 10:43 | 7 | |
Just been asked the same question by a VERY VERY major customer - who go by the name of BT/MCI. Could someone please respond fairly quickly.... Thanks, Stuart | |||||