Bugtraq mailing list archives
Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd)
From: Hugo.van.der.Kooij () CAIW NL (Hugo.van.der.Kooij () CAIW NL)
Date: Fri, 30 Jun 2000 08:13:26 +0200
On Thu, 29 Jun 2000, Joey Maier wrote:
RHSA-2000:039-02: remote root exploit (SITE EXEC) fixed[...]A security bug in wu-ftpd can permit remote users, even without an account, to gain root access. The new version closes the hole. 2. Relevant releases/architectures: Red Hat Linux 5.2 - i386 alpha sparc(which includes wu-ftpd-2.4.2b18-2.i386.rpm)Red Hat Linux 6.2 - i386 alpha sparc(which includes wu-ftpd-2.6.0-3.i386.rpm) What about Red Hat 6.0 (includes wu-ftpd-2.4.2vr17-3.i386.rpm) and 6.1 (includes wu-ftpd-2.5.0-9.i386.rpm)? I know that the sploit tf8 released was for version 2.6.0, but earlier versions of wu-ftpd are vunerable, too. Does anyone know if Red Hat plans to release RPMs to fix the 2.5.0 version included in Red Hat 6.1?
You are supposed to use the latest fixes for your major release number. So if you run 6.0 or 6.1 you must use the 6.2 fixes. So there IS a fix for 6.1 and 6.0 available. Hugo. -- Hugo van der Kooij; Oranje Nassaustraat 16; 3155 VJ Maasland hvdkooij () caiw nl http://home.kabelfoon.nl/~hvdkooij/ -------------------------------------------------------------- Quoting this tagline is illegal! (http://www.dtcc.edu/cs/rfc1855.html)
Current thread:
- FreeBSD Security Advisory: FreeBSD-SA-00:23.ip-options, (continued)
- FreeBSD Security Advisory: FreeBSD-SA-00:23.ip-options FreeBSD Security Advisories (Jun 22)
- Re: FreeBSD Security Advisory: FreeBSD-SA-00:23.ip-options yeti (Jan 13)
- Re: rh 6.2 - gid compromises, etc Stan Bubrouski (Jun 22)
- [SECURITY] New Debian wu-ftpd packages released Daniel Jacobowitz (Jun 23)
- Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd) Joey Maier (Jun 29)
- Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd) Jim Knoble (Jun 29)
- Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd) Andrea Costantino (Jun 29)
- Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd) Kenn Humborg (Jun 29)
- Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd) Philip Rowlands (Jun 29)
- Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd) Helmethead (Jun 29)
- Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd) Hugo.van.der.Kooij () CAIW NL (Jun 29)
- CONECTIVA LINUX SECURITY ANNOUNCEMENT - WU-FTPD Security (Jun 23)
- Security Update: wu-ftpd vulnerability Technical Support (Jun 23)
- Bruce 1.0 EA3: Networked Host-Vulnerability Scanner for Solaris & Linux Keith A. Watson (Jun 21)
- NetBSD Security Advisory 2000-007 security-officer () NETBSD ORG (Jun 21)
- Re: NAI WebShield SMTP does not scan base64 encoding Elias Levy (Jun 22)
- Security Bulletins Digest patrick () PINE NL (Jun 22)
- Re: NAI WebShield SMTP does not scan base64 encoding chris.paget () ANALYSYS COM (Jun 22)
- Free mail scanning tool (was Re: NAI WebShield SMTP does not scan base64 encoding) David F. Skoll (Jun 22)