Security Incidents mailing list archives
Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd)
From: aleph1 () SECURITYFOCUS COM (Elias Levy)
Date: Thu, 6 Jul 2000 10:25:33 -0700
Message-Id: <200007052318.QAA07076 () draco acs uci edu> To: Gregory A Lundberg <lundberg () wu-ftpd org> Cc: BUGTRAQ () securityfocus com Subject: Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd) Date: Wed, 05 Jul 2000 16:18:18 -0700 From: Mike Iglesias <iglesias () draco acs uci edu>
- I, personally, have seen NO scanning for FTP services on my networks. While this is admitedly anecdotal evidence, the last exploit against WU-FTPD, which _did_ work and _was_ in widespread use, was acompanied by a marked increase in such scans on the networks I manage. I have talked with several other network operators and most report no increase in scanning; one did report he is seeing some FTP probes on his campus. The probes and scans I am seeing are consistent with the most-recent CERT Current Activity report ( http://www.cert.org/current/current_activity.html ).
We have seen an increase in ftp port scanning after the first notice of the bug was reported. We get scans almost every day, but it has increased to more than one a day in the last week or so. Mike Iglesias Internet: iglesias () draco acs uci edu University of California, Irvine phone: 949-824-6926 Network & Academic Computing Services FAX: 949-824-2069
Current thread:
- Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd) Elias Levy (Jul 06)
- <Possible follow-ups>
- Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd) Elias Levy (Jul 06)
- Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd) Elias Levy (Jul 06)
- Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd) Valdis Kletnieks (Jul 06)