Security Incidents mailing list archives

Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd)

From: aleph1 () SECURITYFOCUS COM (Elias Levy)
Date: Thu, 6 Jul 2000 10:25:33 -0700


Message-Id: <200007052318.QAA07076 () draco acs uci edu>
To: Gregory A Lundberg <lundberg () wu-ftpd org>
Cc: BUGTRAQ () securityfocus com
Subject: Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd)
Date: Wed, 05 Jul 2000 16:18:18 -0700
From: Mike Iglesias <iglesias () draco acs uci edu>

 - I, personally, have seen NO scanning for FTP services on my networks.
   While this is admitedly anecdotal evidence, the last exploit against
   WU-FTPD, which _did_ work and _was_ in widespread use, was acompanied by
   a marked increase in such scans on the networks I manage.  I have talked
   with several other network operators and most report no increase in
   scanning; one did report he is seeing some FTP probes on his campus.
   The probes and scans I am seeing are consistent with the most-recent
   CERT Current Activity report (
   http://www.cert.org/current/current_activity.html ).


We have seen an increase in ftp port scanning after the first notice of
the bug was reported.  We get scans almost every day, but it has increased
to more than one a day in the last week or so.

Mike Iglesias                          Internet:    iglesias () draco acs uci edu
University of California, Irvine       phone:       949-824-6926
Network & Academic Computing Services  FAX:         949-824-2069

Current thread:

Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd) Elias Levy (Jul 06)
- <Possible follow-ups>
- Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd) Elias Levy (Jul 06)
- Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd) Elias Levy (Jul 06)
  - Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd) Valdis Kletnieks (Jul 06)