Bugtraq mailing list archives
Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd)
From: kenn () BLUETREE IE (Kenn Humborg)
Date: Sat, 1 Jul 2000 13:45:13 +0100
On Sat, Jul 01, 2000 at 08:36:45AM +0200, Bernhard Rosenkraenzer wrote:
On Thu, 29 Jun 2000, Kenn Humborg wrote:The latest wu-ftpd RPM for Red Hat 4.2 is also vulnerable. I notified Red Hat about this on Saturday last, but no word from them yet.Who did you talk to? I never got a message, and I'm maintaining our wu-ftpd package.
As per http://www.redhat.com/feedback.html, I emailed security () redhat com.
We're aware of the fact that 4.2 (and 3.x for that matter) are affected, but we're no longer supporting versions prior to 5.2.
Well, then, somebody better tell that to whoever maintains the main errata page at http://www.redhat.com/support/errata/index.html. And can I also ask that you _continue_ to maintain RH4.2 (for security only, if necessary) as it was your last libc5 release. I'd say drop 5.2 before dropping 4.2, as an upgrade from 5.2 to 6.2 would be nowhere neare as traumatic as from 4.2 to 6.2.
If you absolutely need to continue using it, get the source RPM from 5.x and rebuild it.
That's what I did. Later, Kenn
Current thread:
- Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd) Bernhard Rosenkraenzer (Jun 30)
- Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd) Kenn Humborg (Jul 01)
- <Possible follow-ups>
- Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd) Gregory A Lundberg (Jun 30)
- Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd) Tom Perrine (Jul 02)
- Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd) wayout (Jul 03)