Remote code execution flaws fixed in tnftp and wget

The maintainer of the tnftp FTP client has patched a remote code execution vulnerability which affected operating systems including NetBSD, FreeBSD and Mac OS X. The flaw (CVE-2014-8517), which did not affect OpenBSD due to modifications, was patched over the weekend. Maintainer Luke Mewburn notified NetBSD (which ships tnftp …

  1. asdf
    Mushroom

    OpenBSD ftw

    >The flaw (CVE-2014-8517), which did not affect OpenBSD due to modifications

    Never see that huh? OpenBSD 5.6 just dropped and I just can't stand to see the cancer that is systemd devouring my beloved Debian testing any more. OpenBSD daily driver coming next time I get some free time. Also the more I use FVWM the more I realize the last decade has been nothing but bloat in the WM/DE space.

  2. saif

    Boilerplate reply

    These days, acknowledgement of a vulnerability is one step away from admission of liability. Commercial OS distributors that use/depend on borrowed code have a flexible view of responsibility for the vulnerabilities, that allows them to say "It's not that serious folks" while the community cures the problem for them.

    1. Wzrd1 Silver badge

      Re: Boilerplate reply

      Meanwhile, at least in the US, that boilerplate response *opens* them to liability, as they've been informed and appear to have ignored the warning. Any client using their OS and experiencing damage now can claim harm caused by negligence on the part of crApple.*

      *Full disclosure, I'm typing this on my favorite notebook, a MacBook Pro, which I am amazingly frustrated as to have had to compile and replace my ShellShock vulnerable computer *long* before crApple got around to it. I expect a *lot* better than that, lest I begin to think that crApple is taking lessons from Microsoft.

      #*@&!!!!!!!!!

  3. psychonaut

    wtf is a boilerplate response?

    anyone? bueller?

    1. g00se

      Re: wtf is a boilerplate response?

      How about something like "It's not that serious folks" ?

    2. Paul Kinsler

      Re: wtf is a boilerplate response?

      typically, a standardized response with little or no new content.

    3. borg95

      Re: wtf is a boilerplate response?

      See the link:

      http://lmgtfy.com/?q=boilerplate+reply

    4. Irongut

      Re: wtf is a boilerplate response?

      It probably says something like "Thank-you for your interest in the security of Apple products. Apple products are made from powdered unicorn horn mixed with pureed fairy and have no security flaws."

      1. razorfishsl

        Re: wtf is a boilerplate response?

        Actually you missed the

        "Apple takes security very seriously"

        line…..

        1. Wzrd1 Silver badge

          Re: wtf is a boilerplate response?

          "Apple takes security very seriously"

          Whilst relying upon *BSD to fix the flaw, then washing the fix through 37973 departments...

    5. Anonymous Coward

      Re: wtf is a boilerplate response?

      "You're transferring it wrong."

      Or something.

    6. jubtastic1
      Trollface

      Re: wtf is a boilerplate response?

      Thank you for your question, It has been forwarded to the relevant department.

      This is an automated response, replies will neither be received nor acknowledged.
