Bugtraq mailing list archives
Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd)
From: wayout () WAYOUT IAE NL (wayout)
Date: Mon, 3 Jul 2000 21:37:46 +0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sat, 1 Jul 2000, Gregory A Lundberg wrote:
- I, personally, have seen NO scanning for FTP services on my networks. While this is admitedly anecdotal evidence, the last exploit against WU-FTPD, which _did_ work and _was_ in widespread use, was acompanied by a marked increase in such scans on the networks I manage. I have talked with several other network operators and most report no increase in scanning; one did report he is seeing some FTP probes on his campus. The probes and scans I am seeing are consistent with the most-recent CERT Current Activity report ( http://www.cert.org/current/current_activity.html ).
As a member of the System Administration group of a large cable network provider in the Netherlands I can state that there /has/ been an increase in FTP scans. Just as there was a noticeble increase in scans on port 21 when wuftpd 2.5.0 was shown vulnerable. <snip>
- "The exploit is in wide use." At this point, the WU-FTPD Development Group has seen no evidence the exploit works or is being used at all. Our position, however, is that the exploit ought to work since the bug is real. So, while this is currently a false statement it could become true at some point.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (GNU/Linux) Comment: Made with pgp4pine 1.75 iD8DBQE5YOuaLUYHCoW7cyIRAub/AJkBN31bTicqobu2kjrI6m7xMxVkxQCfSNid F4c8/lzcnk5tUmqfY703N2Y= =IPF3 -----END PGP SIGNATURE-----
Current thread:
- Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd) Bernhard Rosenkraenzer (Jun 30)
- Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd) Kenn Humborg (Jul 01)
- <Possible follow-ups>
- Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd) Gregory A Lundberg (Jun 30)
- Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd) Tom Perrine (Jul 02)
- Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd) wayout (Jul 03)