Subject: ftpd exploit?
To: None <tech-net@netbsd.org>
From: Joel Votaw <jovotaw@cs.nmsu.edu>
List: tech-net
Date: 12/20/2000 10:39:11

I just saw on BUGTRAQ that there is a possible boundary-overflow exploit
in NetBSD's ftpd daemon.  "It is reportedly fixed in the NetBSD source
tree and users are advised to download updates via anonymous CVS."

I can't seem to find any more information on www.NetBSD.org or in the
archives of this mailing list.

Is this problem fixed in NetBSD 1.4.3 and 1.5?  They are not listed on
BUGTRAQ as being either fixed or vulnerable.

If they are not fixed by default, is there a simple way to get selective
updates to these files (or source code) without switching to -current?  I
have no experience with CVS but am willing to read a FAQ and figure out
the details.

Thanks for any info,

	-Joel