Hi!
it seems the security people must work 24/7 these days.
Yesterday http://www.cert.org/advisories/CA-2001-07.html was published with respect to a "glob" vulnerability in ftpd.
While the *BSD people already made some announcements, SuSE did not send out an announcement, yet. (Nothing popped up at wu-ftpd.org, too) Maybe because its especially a *BSD problem? Even we need time (> 0) to review code when it comes to CERT reports etc. As far as we are through it seems
On Wed, 11 Apr 2001, Lutz Jaenicke wrote: that a) glibc is not affected by that glob() implementation fault and b) the port of the OBSD 2.7 ftpd we are using is not affected. I don't know about the other ftpd's. Other vendors are examining their code too, btw. Fast shots won't help. Sebastian -- ~ ~ perl self.pl ~ $_='print"\$_=\47$_\47;eval"';eval ~ krahmer@suse.de - SuSE Security Team ~