Lists all of the journal entries for the day.

Tue, 30 Sep 2008

3:01 PM - ftpd

It seems like most ftp servers have a similar problem.  They have a command buffer.  That buffer is a fixed size like 512 bytes.  When the buffer is overflowed, it separates the contents of the first and second buffer.  This separation can be used to send commands to an FTP server as a trusted user (by providing the idiot a link to click).

MidnightBSD has been patched since yesterday, Netbsd and OpenBSD have addressed it, but FreeBSD has ignored the problem to date.  proftpd also has a problem so we updated to the last rc which may still have a problem.  tnftpd has also had a reported issue today.  This sucks. 

()