Bugtraq mailing list archives
Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd)
From: phr () DOC IC AC UK (Philip Rowlands)
Date: Thu, 29 Jun 2000 21:30:21 +0100
Joey Maier wrote:
[snipped previous RH release info]
What about Red Hat 6.0 (includes wu-ftpd-2.4.2vr17-3.i386.rpm) and 6.1 (includes wu-ftpd-2.5.0-9.i386.rpm)? I know that the sploit tf8 released was for version 2.6.0, but earlier versions of wu-ftpd are vunerable, too. Does anyone know if Red Hat plans to release RPMs to fix the 2.5.0 version included in Red Hat 6.1?
It's starting to annoy me that Redhat don't list all the vulnerable versions of their distribution in their advisories. Particularly as they list 6.1, 6.0, 5.2, and 4.2 as maintained at <http://www.redhat.com/support/errata/>. As for wuftpd 2.5.0, I assume that you're supposed to upgrade to the latest version. Phil
Current thread:
- Allaire Security Bulletin (ASB00-15)- Workaround available for vu lnerabilities exposed by JRun 2.3.x code sample, (continued)
- Allaire Security Bulletin (ASB00-15)- Workaround available for vu lnerabilities exposed by JRun 2.3.x code sample Jesse Noller (Jun 22)
- [RHSA-2000:038-01] Zope update bugzilla () REDHAT COM (Jun 22)
- FreeBSD Security Advisory: FreeBSD-SA-00:23.ip-options FreeBSD Security Advisories (Jun 22)
- Re: FreeBSD Security Advisory: FreeBSD-SA-00:23.ip-options yeti (Jan 13)
- Re: rh 6.2 - gid compromises, etc Stan Bubrouski (Jun 22)
- [SECURITY] New Debian wu-ftpd packages released Daniel Jacobowitz (Jun 23)
- Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd) Joey Maier (Jun 29)
- Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd) Jim Knoble (Jun 29)
- Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd) Andrea Costantino (Jun 29)
- Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd) Kenn Humborg (Jun 29)
- Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd) Philip Rowlands (Jun 29)
- Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd) Helmethead (Jun 29)
- Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd) Hugo.van.der.Kooij () CAIW NL (Jun 29)
- CONECTIVA LINUX SECURITY ANNOUNCEMENT - WU-FTPD Security (Jun 23)
- Security Update: wu-ftpd vulnerability Technical Support (Jun 23)
- Bruce 1.0 EA3: Networked Host-Vulnerability Scanner for Solaris & Linux Keith A. Watson (Jun 21)
- NetBSD Security Advisory 2000-007 security-officer () NETBSD ORG (Jun 21)
- Re: NAI WebShield SMTP does not scan base64 encoding Elias Levy (Jun 22)
- Security Bulletins Digest patrick () PINE NL (Jun 22)
- Re: NAI WebShield SMTP does not scan base64 encoding chris.paget () ANALYSYS COM (Jun 22)