Updated: December 21, 2000
Not Affected
The FreeBSD security officer, Kris Kennaway
The vendor has not provided us with any further information regarding this vulnerability.
However, this message was not signed with the FreeBSD security officer key; it was signed with a key unknown to the CERT/CC at this time: "Signature by unknown keyid: 0x68E840A5", presumably Kris's personal key.
Notified: December 21, 2000 Updated: December 22, 2000
Not Affected
IBM's AIX operating system is not susceptible to this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: December 21, 2000
Affected
NetBSD has published an advisory about this issue at: ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-018.txt.asc NetBSD Security Advisory 2000-018 Topic: One-byte buffer overrun in ftpd Version: All official releases up to and including 1.5 Severity: possible remote root compromise. Fixed: NetBSD-current: December 4, 2000 NetBSD 1.4 branch: December 14, 2000 NetBSD 1.5 branch: December 13, 2000
The vendor has not provided us with any further information regarding this vulnerability.
Good signature made 2000-12-20 18:48 GMT by key: 1024 bits, Key ID F8376205, Created 1997-07-01 "security-officer@netbsd.org"
Notified: December 04, 2000 Updated: December 21, 2000
Affected
OpenBSD made a patch available to fix this problem on December 4, 2000 in OpenBSD 2.8 Errata 005: SECURITY FIX: Dec 4, 2000: http://www.openbsd.org/errata.html#ftpd An OpendBSD Security Advisory: Single-byte buffer overflow vulnerability in ftpd, was published on December 18, 2000: http://www.openbsd.org/advisories/ftpd_replydirname.txt
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.