Bugtraq mailing list archives
Re: WuFTPD: Providing *remote* root since at least1994
From: lundberg () VR NET (Gregory A Lundberg)
Date: Tue, 27 Jun 2000 18:48:59 -0400
On Tue, Jun 27, 2000 at 05:29:43PM +0200, Tomasz Grabowski wrote:
Anyway I made a patch for that bug so You don't need to change Your wu-ftpd-academ to wu-ftpd if You don't want.
Bascially, all your patch does is prevent an attack which isn't (currently) being used very widely on a version of the server which is vulnerable to at least two attacks which ARE. The smart thing to do is immedeately disconnect your 'wu-ftpd-academ' host and scan for root breakins. Then, when you've cleaned out the kiddies and regained control of your host, upgrade to 2.6.0 and apply the patch. -- Gregory A Lundberg WU-FTPD Development Group 1441 Elmdale Drive lundberg () wu-ftpd org Kettering, OH 45409-1615 USA 1-800-809-2195
Current thread:
- Re: WuFTPD: Providing *remote* root since at least1994 Bernhard Rosenkraenzer (Jun 22)
- Re: WuFTPD: Providing *remote* root since at least1994 Daniel Jacobowitz (Jun 22)
- Re: WuFTPD: Providing *remote* root since at least1994 Marcus Meissner (Jun 23)
- Why pine must never be sgid Stan Bubrouski (Jun 23)
- sawmill5.0.21 old path bug & weak hash algorithm Cashdollar, Larry (Jun 26)
- Re: WuFTPD: Providing *remote* root since at least1994 Tomasz Grabowski (Jun 27)
- Re: WuFTPD: Providing *remote* root since at least1994 Bernhard Rosenkraenzer (Jun 27)
- Re: WuFTPD: Providing *remote* root since at least1994 Gregory A Lundberg (Jun 27)
- ftpd: the advisory version Lamagra Argamal (Jun 23)
- Re: ftpd: the advisory version Bernd Luevelsmeyer (Jun 25)
- Re: ftpd: the advisory version Sebastian (Jun 26)
- [RHSA-2000:037-05] New Linux kernel fixes security bug bugzilla () REDHAT COM (Jun 26)
- LeafChat Denial of Service Andrew Lewis (Jun 25)
- Netscape Enterprise Server for NetWare Virtual Directory Vulnerab ility Peter Grundl (Jun 26)
- Re: ftpd: the advisory version Bernd Luevelsmeyer (Jun 25)
- <Possible follow-ups>
- Re: WuFTPD: Providing *remote* root since at least1994 Peter Pentchev (Jun 23)
- Re: WuFTPD: Providing *remote* root since at least1994 der Mouse (Jun 25)
- Re: WuFTPD: Providing *remote* root since at least1994 Mikael Olsson (Jun 26)
- Re: WuFTPD: Providing *remote* root since at least1994 Theo de Raadt (Jun 27)
- Re: WuFTPD: Providing *remote* root since at least1994 Mikael Olsson (Jun 26)
(Thread continues...)
- Re: WuFTPD: Providing *remote* root since at least1994 Daniel Jacobowitz (Jun 22)