Bugtraq mailing list archives
Re: another wu-ftpd exploit
From: Dan Harkless <dan-bugtraq () DILVISH SPEED NET>
Date: Thu, 28 Sep 2000 15:24:28 -0700
George Bakos <alpinista () BIGFOOT COM> writes:
> Yesterday www.hack.co.za made available yet another format string stack overwrite exploit for wu-ftpd 2.6.0-*. I have seen an increased level of scanning for port 21 in the past 36 hours, no doubt attributable to this latest SITE EXEC vulnerability.
[...]
> This is another incarnation of a very serious vulnerability. If you are running wu-ftpd 2.60-*, it is advised that you upgrade to the 2.6.1 release.
I didn't even realize 2.6.1 was out. The wu-ftpd people apparently made no announcement on Bugtraq and no announcement on their WU-FTPD-ANNOUNCE list. In fact, I haven't received a single email on their announce list since I subscribed on 9/23/99. I just verified with the listserver that I am indeed subscribed, so apparently the wu-ftpd team would rather pretend their security holes don't exist than announce them to their users.

I've been wanting to give ProFTPD a try, but I'd been waiting for them to transition to 1.2.0rc2 to 1.2.0. Been waiting since July 28...

----------------------------------------------------------------------
Dan Harkless                     | To prevent SPAM contamination, please
dan-bugtraq () dilvish speed net | do not mention this private email
SpeedGate Communications, Inc.   | address in Usenet posts. Thank you.