FreeBSD Information for VU#593299

BSD-derived ftpd replydirname() in ftpd.c contains one-byte overflow

Status

Not Affected

Vendor Statement

The FreeBSD security officer, Kris Kennaway <kris@freebsd.org>, posted a statement to Bugtraq regarding this issue:

http://www.securityfocus.com/archive/1/152187

"FreeBSD is not vulnerable"

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

However, this message was not signed with the FreeBSD security officer key; it was signed with a key unknown to the CERT/CC at this time: "Signature by unknown keyid: 0x68E840A5", presumably Kris's personal key.

If you have feedback, comments, or additional information about this vulnerability, please send us email.