FreeBSD Information for VU#29823

Format string input validation error in wu-ftpd site_exec() function

Status

Not Affected

Vendor Statement

The version of ftpd shipped with all versions of FreeBSD since 2.2.0 is not vulnerable to this problem. FreeBSD also ships with several optional third-party FTP servers in the Ports Collection, including wu-ftpd and proftpd. The wu-ftpd vulnerability was corrected on 2000/06/24 and is the subject of FreeBSD Security Advisory SA-00:29. At this time no patch has been released by the proftpd vendor and the version in FreeBSD ports is still vulnerable to this attack. FreeBSD makes no guarantee about the security of third-party software in the ports collection and users are advised that there may be security vulnerabilities in other FTP servers available there.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

An update to proftpd is now available.

If you have feedback, comments, or additional information about this vulnerability, please send us email.