On Thu, Mar 11, 2004 at 02:32:52PM +0100, Leonard den Ottolander wrote: > Hello Tim, all, > > > An updated coreutils package is available fixing an issue in the ls(1) > > utility, described at: > > > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0853 > > > > Note that this vulnerability affects Internet-facing services which execute > > ls(1) with user-supplied input, and although wu-ftpd is one such service it > > is not supplied with Fedora Core 1. > > I am curious to know if vsftpd calls ls, or uses it's own > implementation. How about some of the other ftp daemons? Other services > in general? The vsftpd daemon uses its own built-in implementation. Tim. */
Attachment:
pgpfFBKhKb4az.pgp
Description: PGP signature
