Home | FAQ | Contact | Privacy Policy
US-CERT
Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information
 

 View Notes By
Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric

 Other Documents
Technical Alerts

Technical Bulletins

Alerts

Security Tips

FreeBSD Information for VU#29823

Date Notified:
Date Updated:
Statement Date:
Status Summary:Not Vulnerable

Vendor Statement

The version of ftpd shipped with all versions of FreeBSD since 2.2.0 is not vulnerable to this problem. FreeBSD also ships with several optional third-party FTP servers in the Ports Collection, including wu-ftpd and proftpd. The wu-ftpd vulnerability was corrected on 2000/06/24 and is the subject of FreeBSD Security Advisory SA-00:29. At this time no patch has been released by the proftpd vendor and the version in FreeBSD ports is still vulnerable to this attack. FreeBSD makes no guarantee about the security of third-party software in the ports collection and users are advised that there may be security vulnerabilities in other FTP servers available there.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

An update to proftpd is now available.

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

Produced 2009 by US-CERT, a government organization
Disclaimers and copyright information