FreeBSD Information for VU#29823
Format string input validation error in wu-ftpd site_exec() function
The version of ftpd shipped with all versions of FreeBSD since 2.2.0 is not vulnerable to this problem. FreeBSD also ships with several optional third-party FTP servers in the Ports Collection, including wu-ftpd and proftpd. The wu-ftpd vulnerability was corrected on 2000/06/24 and is the subject of FreeBSD Security Advisory SA-00:29. At this time no patch has been released by the proftpd vendor and the version in FreeBSD ports is still vulnerable to this attack. FreeBSD makes no guarantee about the security of third-party software in the ports collection and users are advised that there may be security vulnerabilities in other FTP servers available there.
The vendor has not provided us with any further information regarding this vulnerability.
An update to proftpd is now available.
If you have feedback, comments, or additional information about this vulnerability, please send us email.