From owner-doc-jp@jp.freebsd.org  Sat Sep 18 00:19:02 1999
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id AAA88858;
	Sat, 18 Sep 1999 00:19:02 +0900 (JST)
	(envelope-from owner-doc-jp@jp.FreeBSD.org)
Received: from bilbo.micon.co.jp (bilbo.micon.co.jp [210.226.150.237])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with ESMTP id AAA88853
	for <doc-jp@jp.freebsd.org>; Sat, 18 Sep 1999 00:19:00 +0900 (JST)
	(envelope-from sakauchi@yamame.to)
Received: from R2D2.yamame.to (p848792.kgci.ap.so-net.ne.jp [210.132.135.146])
	by bilbo.micon.co.jp (8.8.5/8.8.5) with ESMTP id AAA25550;
	Sat, 18 Sep 1999 00:18:56 +0900 (JST)
Date: Sat, 18 Sep 1999 00:18:43 +0900
Message-ID: <14306.23507.500000.54599L@R2D2>
From: Atushi Sakauchi <sakauchi@yamame.to>
To: doc-jp@jp.freebsd.org
In-Reply-To: In your message of "Fri, 17 Sep 1999 11:16:38 +0900 (JST)"
	<199909170216.LAA01971@splpe481.ccs.mt.nec.co.jp>
References: <199909170120.KAA00853@kid.micon.co.jp>
	<199909170216.LAA01971@splpe481.ccs.mt.nec.co.jp>
User-Agent: Wanderlust/1.0.3 (Notorious) SEMI/1.13.3 (Komaiko) FLIM/1.12.5 (Hirahata) Emacs/20.2 (i386-*-windows95-4.10) MULE/3.0 (MOMIJINOGA) Meadow/1.00 (MIDORI)
MIME-Version: 1.0 (generated by SEMI 1.13.3 - "Komaiko")
Content-Type: text/plain; charset=ISO-2022-JP
Reply-To: doc-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+990727
X-Sequence: doc-jp 6679
Subject: [doc-jp 6679] Re: FreeBSD-SA-99:03.ftpd REISSUED
Errors-To: owner-doc-jp@jp.freebsd.org
Sender: owner-doc-jp@jp.freebsd.org
X-Originator: sakauchi@yamame.to

$B:dFb$G$9(B.

$B$_$J$5$s$"$j$,$H$&$4$6$$$^$9(B. $B$4;XE&$$$?$@$$$?E@$r=$@5$7$^$7$?(B.
$B$A$g$C$HD9$/$J$j$^$9$,(B, $B:FEYA4J8$G$9(B. m_ _m


  $B$3$N%a!<%k$O(B announce-jp $B$KN.$l$?(B

Subject: ANNOUNCE: FreeBSD Security Advisory: FreeBSD-SA-99:03.ftpd REISSUED
From: FreeBSD Security Officer <security-officer@freebsd.org>
Date: Wed, 15 Sep 1999 21:46:28 -0600 (MDT)
Message-Id: <199909160346.VAA18397@harmony.village.org>

$B$rF|K\8lLu$7$?$b$N$G$9(B.
  $B86J8$O(B PGP $B=pL>$5$l$F$$$^$9$,(B, $B$3$NF|K\8lLu$O(B PGP $B=pL>$5$l$F$$$^$;$s(B. 
$B%Q%C%AEy$NFbMF$,2~cb$5$l$F$$$J$$$3$H$r3NG'$9$k$?$a$K(B PGP $B$N%A%'%C%/$r9T(B
$B$J$&$K$O86J8$r;2>H$7$F$/$@$5$$(B. 
  $BF|K\8lLu$O(B FreeBSD $BF|K\8l%I%-%e%a%s%F!<%7%g%s%W%m%8%'%/%H(B (doc-jp) $B$,(B
$B;29M$N$?$a$KDs6!$9$k$b$N$G(B, $BK]Lu<T$*$h$S(B doc-jp $B$O(B $B$=$NFbMF$K$D$$$F(B
$B$$$+$J$kJ]>Z$b$$$?$7$^$;$s(B. 
  $BF|K\8lLu$K$D$$$F$N$*Ld$$9g$o$;$O(B doc-jp@jp.freebsd.org $B$^$G(B
$B$*4j$$$7$^$9(B. 
                                         $BK]Lu(B : $B:dFbFX(B <sakauchi@micon.co.jp>
=============================================================================
FreeBSD-SA-99:03                                            Security Advisory
                                                                FreeBSD, Inc.

$B%H%T%C%/(B:             Three ftp daemons in ports vulnerable to attack.

$B%+%F%4%j!<(B:           ports
$B%b%8%e!<%k(B:           wu-ftpd $B$*$h$S(B proftpd
$B9pCNF|(B:               1999$BG/(B 9$B7n(B 5$BF|(B
$B:FH/9TF|(B:             1999$BG/(B 9$B7n(B15$BF|(B
$B1F6ABP>](B:             FreeBSD 3.2 ($B$*$h$S(B 3.2 $B0JA0$N%P!<%8%g%s(B)
                      $B=$@5$5$l$k0JA0$N(B FreeBSD-current $B$H(B-stable
$B=$@5:Q(B:               FreeBSD 3.3-RELEASE ($BLuCm(B: $BM=Dj(B)
                      wu-ftpd $B$K$D$$$F$O(B 1999$BG/(B8$B7n(B30$BF|0J9_$N(B FreeBSD
                      ($BCm(B: $BA4$F$N(B FreeBSD $B%V%i%s%A$O!"C10l$N(B Ports Tree $B$r(B
                      $B;HMQ$7$F$$$k$N$G(B, -stable $B$N%f!<%6$K$b1F6A$,$"$j$^$9(B)
FreeBSD $B$@$1$NLdBj$+(B: $BH](B
Bugtraq $B$N(B Id:        protpd: 612
$B%Q%C%A(B:               $B$J$7(B

I.   $BGX7J(B

WU-FTPD, BeroFTPD, ProFTPD $B$O(B, FreeBSD $B$NI8=`(B ftpd $B$rCV$-49$($k$?$a$N(B
$B%*%W%7%g%s$G$9(B. $B%5!<%I%Q!<%F%#$K$h$j3+H/!&J]<i$,9T$J$o$l!"(BFreeBSD
Ports $B%3%l%/%7%g%s$K4^$^$l$F$$$^$9(B.

II.  $B2r@b(B

$B$3$l$i$N(B ports $B$"$k$$$O(B packages $B$K$O(B, $B%j%b!<%H$N%f!<%6$K(B root $B8"8B$rC%(B
$B$o$l$k2DG=@-$,$"$k$H$$$&(B, $B$=$l$>$lJL$N%;%-%e%j%F%#>e$NLdBj$,$"$j$^$9(B.

FreeBSD $B$K4^$^$l$F$$$kI8=`$N(B ftp $B%G!<%b%s$K$O(B, $B$3$NLdBj$O$"$j$^$;$s(B.

III. $B1F6A(B

$B%j%b!<%H$N%f!<%6$,(B root $B8"8B$rF@$k$3$H$,$G$-$^$9(B. 

IV.  $BBP1~:v(B

$B%"%C%W%0%l!<%I$,40N;$9$k$^$G(B ftp $B%G!<%b%s$rDd;_$9$k$+(B, 
FreeBSD $BImB0$NI8=`(B ftpd $B$r;HMQ$9$k(B.

V.   $B2r7h:v(B

WU-FTPD $B$N(B Ports $B$r(B, 1999$BG/(B8$B7n(B30$BF|0J9_$N(B CVS $B%j%]%8%H%j$KBP1~$7$?(B
$B%P!<%8%g%s$K%"%C%W%0%l!<%I$7$F$/$@$5$$(B. Ports $B$r;HMQ$7$F$$$J$$>l9g$O(B, 
$B3+H/85$N(B Web $B%5%$%H$r;2>H$7!"%Q%C%A$rE,MQ$7$F$/$@$5$$(B.

BeroFTPD $B$K$bF1MM$NLdBj$,$"$k$3$H$,!"85$N(B WU-FTPD $B%0%k!<%W$N4+9p$N(B
$B%j%9%H$K$b:\$C$F$$$^$9$,(B, 1999$BG/(B9$B7n(B15$BF|8=:_=$@5$5$l$F$$$^$;$s(B. 
$B$3$l$O(B 3.3-Release $B$K$O4^$^$l$J$$M=Dj$G$9(B. BeroFTPD $B$N(B ports $B$O4{$K(B
$B!H(BFORBIDDEN$B!I$H$5$l$F$$$F(B, $B$3$N%;%-%e%j%F%#>e$NLdBj$,=$@5$5$l$k$^$G(B
$B$3$N$^$^$G$9(B. ($BLuCm(B: BeroFTPD $B$N(B ports $B$O(B, Makefile $BCf$GJQ?t(B
FORBIDDEN $B$,Dj5A$5$l$F$*$j(B, make $B$G$-$J$$$h$&$K$J$C$F$$$^$9(B)  
BeroFTPD $B$r;HMQ$9$k>l9g$O(B, $B;HMQ$r:F3+$9$kA0$K(B, $B$3$NLdBj$KBP$9$k%Q%C%A(B
$B$K$D$$$F3NG'$7$F2<$5$$(B. 

ProFTPD $B$O(B $BJL$N%;%-%e%F%$%F%#>e$NLdBj$rJz$($F$$$F(B, 1999$BG/(B9$B7n(B15$BF|8=:_(B
$B0BA4$J%P!<%8%g%s$OB8:_$7$^$;$s(B. 3.3-Release $B$K$O4^$^$l$J$$M=Dj$G$9(B.
ProFTPD $B$N(B ports $B$O4{$K!H(BFORBIDDEN$B!I$H$5$l$F$$$F(B, $B$3$N%;%-%e%j%F%#>e$N(B
$BLdBj$,=$@5$5$l$k$^$G$3$N$^$^$G$9(B. 
ProFTPD $B$r;HMQ$9$k>l9g$O(B, $B;HMQ$r:F3+$9$kA0$K(B, $B$3$NLdBj$KBP$9$k%Q%C%A(B
$B$K$D$$$F3NG'$7$F2<$5$$(B. 

$BA02s$N4+9p$G$O(B ProFTPD $B$N(B 8$B7n(B30$BF|0J9_$N(B Ports $B$O0BA4$G$"$k$H(B
$B$5$l$F$$$^$7$?(B. $B$3$l$O;v<B$G$O$J$$$3$H$,H=L@$7(B, $B:#2s$N:FH/9T$H$J$j$^$7(B
$B$?(B. $B$^$?(B WU-FTPD $B$HAD@h$rF1$8$/$9$k(B BeroFTPD $B$K$D$$$FDI2C$7$^$7$?(B.
$B%*%j%8%J%k$N4+9p$K$O(B ProFTPD $B$,(B WU-FTPD $B$HAD@h$rF1$8$/$9$k$H$$$&8m$C$?(B
$B7Y9p$,$"$j$^$7$?$,(B, $B$3$l$O;v<B$G$O$"$j$^$;$s(B. 

VI.  $B<U<-(B, $B;29M;qNA(B

WU-FTPD advisory $B$O(B $B0J2<$N(B URL $B$G;2>H$G$-$^$9(B.
        ftp://ftp.wu-ftpd.org/pub/wu-ftpd/2.5.0.Security.Update.asc

=============================================================================
FreeBSD, Inc.

Web Site:                       http://www.freebsd.org/
Confidential contacts:          security-officer@freebsd.org
Security notifications:         security-notifications@freebsd.org
Security public discussion:     freebsd-security@freebsd.org
PGP Key:                ftp://ftp.freebsd.org/pub/FreeBSD/CERT/public_key.asc

$BCm0U(B: $BK\J8=qCf$K%Q%C%A$,4^$^$l$F$$$k>l9g!"EE;R=pL>$d%a%$%i$N=hM}$GJQ99(B
      $B$5$l$k$?$a!"$=$N$^$^$G$O$-$A$s$HE,MQ$G$-$J$$$+$b$7$l$^$;$s!#I,MW(B
      $B$G$"$l$P!"K\J8=q$NKAF,$K5-:\$7$F$"$k(B URL $B$r;2>H$7$F%*%j%8%J%k$N(B
      $B%3%T!<$rF~<j$7$F$/$@$5$$!#(B
=============================================================================
