Bugtraq mailing list archives

Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd)

From: phr () DOC IC AC UK (Philip Rowlands)
Date: Thu, 29 Jun 2000 21:30:21 +0100


Joey Maier wrote:

[snipped previous RH release info]

What about Red Hat 6.0 (includes wu-ftpd-2.4.2vr17-3.i386.rpm) and
6.1 (includes wu-ftpd-2.5.0-9.i386.rpm)? I know that the sploit tf8
released was for version 2.6.0, but earlier versions of wu-ftpd
are vunerable, too.  Does anyone know if Red Hat plans to release
RPMs to fix the 2.5.0 version included in Red Hat 6.1?


It's starting to annoy me that Redhat don't list all the vulnerable
versions of their distribution in their advisories. Particularly as they
list 6.1, 6.0, 5.2, and 4.2 as maintained at
<http://www.redhat.com/support/errata/>.

As for wuftpd 2.5.0, I assume that you're supposed to upgrade to the
latest version.

Phil

Current thread:

Allaire Security Bulletin (ASB00-15)- Workaround available for vu lnerabilities exposed by JRun 2.3.x code sample, (continued)
- - - Allaire Security Bulletin (ASB00-15)- Workaround available for vu lnerabilities exposed by JRun 2.3.x code sample Jesse Noller (Jun 22)
    - [RHSA-2000:038-01] Zope update bugzilla () REDHAT COM (Jun 22)
    - FreeBSD Security Advisory: FreeBSD-SA-00:23.ip-options FreeBSD Security Advisories (Jun 22)
    - Re: FreeBSD Security Advisory: FreeBSD-SA-00:23.ip-options yeti (Jan 13)
    - Re: rh 6.2 - gid compromises, etc Stan Bubrouski (Jun 22)
    - [SECURITY] New Debian wu-ftpd packages released Daniel Jacobowitz (Jun 23)
    - Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd) Joey Maier (Jun 29)
    - Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd) Jim Knoble (Jun 29)
    - Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd) Andrea Costantino (Jun 29)
    - Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd) Kenn Humborg (Jun 29)
    - Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd) Philip Rowlands (Jun 29)
    - Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd) Helmethead (Jun 29)
    - Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd) Hugo.van.der.Kooij () CAIW NL (Jun 29)
    - CONECTIVA LINUX SECURITY ANNOUNCEMENT - WU-FTPD Security (Jun 23)
    - Security Update: wu-ftpd vulnerability Technical Support (Jun 23)
  - Re: NAI WebShield SMTP does not scan base64 encoding Andre Albsmeier (Jun 21)
    - Bruce 1.0 EA3: Networked Host-Vulnerability Scanner for Solaris & Linux Keith A. Watson (Jun 21)
    - NetBSD Security Advisory 2000-007 security-officer () NETBSD ORG (Jun 21)
    - Re: NAI WebShield SMTP does not scan base64 encoding Elias Levy (Jun 22)
    - Security Bulletins Digest patrick () PINE NL (Jun 22)
    - Re: NAI WebShield SMTP does not scan base64 encoding chris.paget () ANALYSYS COM (Jun 22)

(Thread continues...)