Bugtraq mailing list archives

Re: WUftp scanner


From: lundberg+wuftpd () VR NET (Gregory A Lundberg)
Date: Thu, 25 Mar 1999 22:25:39 -0500


On Wed, 24 Mar 1999 baku () EXCITE COM wrote:

  if (strstr (buf, "Version wu-2.4.2-academ[BETA-18](1)"))

No.  Way too strict.  You'll miss people who touched ftpcmd.y and
recompiled:
  Version wu-2.4.2-academ[BETA-18](2)
And you'll miss earlier versions which are vulnerable, say:
  Version wu-2.4.2-academ[BETA-12]
And you'll miss derivatives which are vulnerable, like one of mine:
  Version wu-2.4.2-academ[BETA-18-VR6]

    {
      if (strstr (buf, "Mon Jan 18 19:19:31 EST 1999"))
      printf ("%s is patched.\n", inet_ntoa (addr));

No.  That's the date and time _you_ compiled the daemon.  The target
machine was probably compiled some other time.

--

Gregory A Lundberg              Senior Partner, VRnet Company
1441 Elmdale Drive              lundberg+wuftpd () vr net
Kettering, OH 45409-1615 USA    1-800-809-2195
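
The point made in the reply above, that the banner should be matched by its fields rather than as one exact string and that the build date is not a patch indicator, as an added example (not code from the original thread). The names parse_wu_banner and struct wu_banner are hypothetical, and the banner layout is inferred only from the four version strings quoted in the message.

```c
#include <stdlib.h>
#include <string.h>

/* Fields of "Version wu-2.4.2-academ[BETA-nn-TAG](build)". */
struct wu_banner {
    int  beta;     /* BETA release number, e.g. 18 */
    char tag[16];  /* derivative suffix such as "VR6", "" if none */
    int  build;    /* local rebuild counter "(n)", -1 if absent */
};

/* Returns 1 and fills *out when buf holds a wu-2.4.2-academ BETA banner,
 * else 0. The compile date that follows the version is ignored on
 * purpose: it is set by whoever built the daemon, not by a patch. */
int parse_wu_banner(const char *buf, struct wu_banner *out)
{
    static const char prefix[] = "Version wu-2.4.2-academ[BETA-";
    const char *p = strstr(buf, prefix);
    char *end;

    if (p == NULL)
        return 0;
    p += sizeof(prefix) - 1;
    long beta = strtol(p, &end, 10);
    if (end == p || beta < 0 || beta > 9999)
        return 0;
    out->beta = (int)beta;
    out->tag[0] = '\0';
    out->build = -1;
    p = end;
    if (*p == '-') {                       /* derivative tag, e.g. -VR6 */
        size_t n = strcspn(++p, "]");
        if (n == 0 || n >= sizeof(out->tag))
            return 0;
        memcpy(out->tag, p, n);
        out->tag[n] = '\0';
        p += n;
    }
    if (*p++ != ']')                       /* bracket must be closed */
        return 0;
    if (*p == '(') {                       /* optional rebuild counter */
        long b = strtol(p + 1, &end, 10);
        if (end != p + 1 && *end == ')' && b >= 0 && b <= 9999)
            out->build = (int)b;
    }
    return 1;
}
```

An inventory script can then compare the beta field and tag against its own policy for the hosts it administers, instead of depending on one literal string.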


