Bugtraq mailing list archives
Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd)
From: maierj () HOME COM (Joey Maier)
Date: Thu, 29 Jun 2000 10:23:12 +0000
RHSA-2000:039-02: remote root exploit (SITE EXEC) fixed
[...]
A security bug in wu-ftpd can permit remote users, even without an account, to gain root access. The new version closes the hole. 2. Relevant releases/architectures: Red Hat Linux 5.2 - i386 alpha sparc
(which includes wu-ftpd-2.4.2b18-2.i386.rpm)
Red Hat Linux 6.2 - i386 alpha sparc
(which includes wu-ftpd-2.6.0-3.i386.rpm) What about Red Hat 6.0 (includes wu-ftpd-2.4.2vr17-3.i386.rpm) and 6.1 (includes wu-ftpd-2.5.0-9.i386.rpm)? I know that the sploit tf8 released was for version 2.6.0, but earlier versions of wu-ftpd are vunerable, too. Does anyone know if Red Hat plans to release RPMs to fix the 2.5.0 version included in Red Hat 6.1? -- "When you understand UNIX, you will understand the world. When you understand NT....you will understand NT" - R. Thieme http://www.slothnet.com
Current thread:
- Re: Warning regarding new kernel RPMs, (continued)
- Re: Warning regarding new kernel RPMs Dave Walter (Jun 22)
- Re: rh 6.2 - gid compromises, etc [+ MORE!!!] Stan Bubrouski (Jun 21)
- Re: rh 6.2 - gid compromises, etc [+ MORE!!!] Wietse Venema (Jun 23)
- Re: rh 6.2 - gid compromises, etc Stan Bubrouski (Jun 22)
- Allaire Security Bulletin (ASB00-15)- Workaround available for vu lnerabilities exposed by JRun 2.3.x code sample Jesse Noller (Jun 22)
- [RHSA-2000:038-01] Zope update bugzilla () REDHAT COM (Jun 22)
- FreeBSD Security Advisory: FreeBSD-SA-00:23.ip-options FreeBSD Security Advisories (Jun 22)
- Re: FreeBSD Security Advisory: FreeBSD-SA-00:23.ip-options yeti (Jan 13)
- Re: rh 6.2 - gid compromises, etc Stan Bubrouski (Jun 22)
- [SECURITY] New Debian wu-ftpd packages released Daniel Jacobowitz (Jun 23)
- Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd) Joey Maier (Jun 29)
- Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd) Jim Knoble (Jun 29)
- Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd) Andrea Costantino (Jun 29)
- Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd) Kenn Humborg (Jun 29)
- Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd) Philip Rowlands (Jun 29)
- Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd) Helmethead (Jun 29)
- Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd) Hugo.van.der.Kooij () CAIW NL (Jun 29)
- CONECTIVA LINUX SECURITY ANNOUNCEMENT - WU-FTPD Security (Jun 23)
- Security Update: wu-ftpd vulnerability Technical Support (Jun 23)
- Bruce 1.0 EA3: Networked Host-Vulnerability Scanner for Solaris & Linux Keith A. Watson (Jun 21)