Out network security police claim that our QNX 6.1 boxes are vulnerable to
the WuftpGlobHeapCorruption attack. This seems to be specific to the
Washington University ftpd, and I don’t see any evidence that the QNX ftpd
is from that heritage. I suspect they’re mistaken here.
Can you confirm or deny?
If the vulnerability exists, is there any remedy?
Thanks,
Marty Doane
Siemens Dematic
I belive it is a BSD based ftpd. However, I doubt trying to claim lineage
will make your IT guys happy. Check this out…
http://www.qnxzone.com/newszone/readmore.php?news_id=81
chris
Marty Doane <marty.doane@rapistan.com> wrote:
Out network security police claim that our QNX 6.1 boxes are vulnerable to
the WuftpGlobHeapCorruption attack. This seems to be specific to the
Washington University ftpd, and I don’t see any evidence that the QNX ftpd
is from that heritage. I suspect they’re mistaken here.
Can you confirm or deny?
If the vulnerability exists, is there any remedy?
Thanks,
Marty Doane
Siemens Dematic
–
Chris McKillop <cdm@qnx.com> “The faster I go, the behinder I get.”
Software Engineer, QSSL – Lewis Carroll –
http://qnx.wox.org/
The ftpd in 6.1 is BSD based and does not share the code described in
the security bulletin. If your network staff are reproducing a
venerability, please post the test case and a problem report will
be generated.
Dave
Marty Doane <marty.doane@rapistan.com> wrote:
Out network security police claim that our QNX 6.1 boxes are vulnerable to
the WuftpGlobHeapCorruption attack. This seems to be specific to the
Washington University ftpd, and I don’t see any evidence that the QNX ftpd
is from that heritage. I suspect they’re mistaken here.
Can you confirm or deny?
If the vulnerability exists, is there any remedy?
Thanks,
Marty Doane
Siemens Dematic
Thanks. I don’t know the basis of their claim, but I’ll find out. It
wouldn’t surprise me if they’re speculating.
Marty Doane
Siemens Dematic
“Dave Brown” <dabrown@qnx.com> wrote in message
news:a7qljs$d0d$1@nntp.qnx.com…
The ftpd in 6.1 is BSD based and does not share the code described in
the security bulletin. If your network staff are reproducing a
venerability, please post the test case and a problem report will
be generated.
Dave
Marty Doane <> marty.doane@rapistan.com> > wrote:
Out network security police claim that our QNX 6.1 boxes are vulnerable
to
the WuftpGlobHeapCorruption attack. This seems to be specific to the
Washington University ftpd, and I don’t see any evidence that the QNX
ftpd
is from that heritage. I suspect they’re mistaken here.
Can you confirm or deny?
If the vulnerability exists, is there any remedy?
Thanks,
Marty Doane
Siemens Dematic
Sure. It doesn’t have Microsoft Bug Fix 7.355d.91. So it must still have
the bug.
“Marty Doane” <marty.doane@rapistan.com> wrote in message
news:a7qm8q$obo$1@inn.qnx.com…
Thanks. I don’t know the basis of their claim, but I’ll find out. It
wouldn’t surprise me if they’re speculating.
Marty Doane
Siemens Dematic
“Dave Brown” <> dabrown@qnx.com> > wrote in message
news:a7qljs$d0d$> 1@nntp.qnx.com> …
The ftpd in 6.1 is BSD based and does not share the code described in
the security bulletin. If your network staff are reproducing a
venerability, please post the test case and a problem report will
be generated.
Dave
Marty Doane <> marty.doane@rapistan.com> > wrote:
Out network security police claim that our QNX 6.1 boxes are
vulnerable
to
the WuftpGlobHeapCorruption attack. This seems to be specific to the
Washington University ftpd, and I don’t see any evidence that the QNX
ftpd
is from that heritage. I suspect they’re mistaken here.
Can you confirm or deny?
If the vulnerability exists, is there any remedy?
Thanks,
Marty Doane
Siemens Dematic
\
I’m feeling a little slow today. What should the link be telling me?
–
Marty Doane
Siemens Dematic
“Chris McKillop” <cdm@qnx.com> wrote in message
news:a7qi8u$a5f$1@nntp.qnx.com…
I belive it is a BSD based ftpd. However, I doubt trying to claim lineage
will make your IT guys happy. Check this out…
http://www.qnxzone.com/newszone/readmore.php?news_id=81
chris
Marty Doane <> marty.doane@rapistan.com> > wrote:
Out network security police claim that our QNX 6.1 boxes are vulnerable
to
the WuftpGlobHeapCorruption attack. This seems to be specific to the
Washington University ftpd, and I don’t see any evidence that the QNX
ftpd
is from that heritage. I suspect they’re mistaken here.
Can you confirm or deny?
If the vulnerability exists, is there any remedy?
Thanks,
Marty Doane
Siemens Dematic
\
Chris McKillop <> cdm@qnx.com> > “The faster I go, the behinder I get.”
Software Engineer, QSSL – Lewis Carroll –
http://qnx.wox.org/