Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd)

[wayout () WAYOUT IAE NL (wayout)]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sat, 1 Jul 2000, Gregory A Lundberg wrote:

>  - I, personally, have seen NO scanning for FTP services on my networks.
>    While this is admitedly anecdotal evidence, the last exploit against
>    WU-FTPD, which _did_ work and _was_ in widespread use, was acompanied by
>    a marked increase in such scans on the networks I manage.  I have talked
>    with several other network operators and most report no increase in
>    scanning; one did report he is seeing some FTP probes on his campus.
>    The probes and scans I am seeing are consistent with the most-recent
>    CERT Current Activity report (
>    http://www.cert.org/current/current_activity.html ).
As a member of the System Administration group of a large cable network
provider in the Netherlands I can state that there /has/ been an increase
in FTP scans. Just as there was a noticeble increase in scans on port 21
when wuftpd 2.5.0 was shown vulnerable.

<snip>
>  - "The exploit is in wide use."  At this point, the WU-FTPD Development
>    Group has seen no evidence the exploit works or is being used at all.
>    Our position, however, is that the exploit ought to work since the bug
>    is real.  So, while this is currently a false statement it could become
>    true at some point.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: Made with pgp4pine 1.75

iD8DBQE5YOuaLUYHCoW7cyIRAub/AJkBN31bTicqobu2kjrI6m7xMxVkxQCfSNid
F4c8/lzcnk5tUmqfY703N2Y=
=IPF3
-----END PGP SIGNATURE-----