Bugtraq mailing list archives
[slackware-security] wu-ftpd remote exploit patched
From: chris () THEALANGROUP COM (Christopher Kager)
Date: Wed, 28 Jun 2000 12:19:36 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ----- Original Message ----- From: "Slackware Security Team" <security () slackware com> To: <slackware-security () slackware com> Sent: Wednesday, June 28, 2000 5:18 AM Subject: [slackware-security] wu-ftpd remote exploit patched A remote exploit has been found in the FTP daemon, wu-ftpd. This can allow an attacker full access to your machine. The wu-ftpd daemon is part of the tcpip1.tgz package in the N series. A new tcpip1.tgz package is now available in the Slackware 7.1 tree. We have also provided a seperate patch package for users who have already installed Slackware 7.1 and just want the new FTP daemon. ========================================= wu-ftpd 2.6.0 AVAILABLE - (n6/tcpip1.tgz) ========================================= The recent root exploit in wu-ftpd has been patched and the new tcpip1.tgz is in the Slackware 7.1 tree: ftp://ftp.slackware.com/pub/slackware/slackware-7.1/slakware/n6/ A seperate wu-ftpd-only patch package is available in the patches/ subdirectory: ftp://ftp.slackware.com/pub/slackware/slackware-7.1/patches/ All users are strongly urged to upgrade to the patched wu-ftpd daemon. You only need to download one package to get the new FTP daemon. Here are the md5sums and checksums for the packages: 1660403894 62427 ./wu-ftpd-patch.tgz d42c1708634232f8bc6a396827959851 ./wu-ftpd-patch.tgz 3287743865 1017793 ./n6/tcpip1.tgz 7aff2b13086e881a6ee029d44a448f17 ./n6/tcpip1.tgz INSTALLATION INSTRUCTIONS FOR THE tcpip1.tgz PACKAGE: ---------------------------------------------------- If you have downloaded the new tcpip1.tgz package, you should bring the system into runlevel 1 and run upgradepkg on it: # telinit 1 # upgradepkg tcpip1.tgz # telinit 3 INSTALLATION INSTRUCTIONS FOR THE wu-ftpd-patch.tgz PACKAGE: ----------------------------------------------------------- If you have downloaded the wu-ftpd-patch.tgz package, you should bring the system into runlevel 1 and run installpkg on it: # telinit 1 # installpkg wu-ftpd-patch.tgz # telinit 3 Remember, it's also a good idea to backup configuration files before upgrading packages. - - Slackware Linux Security Team http://www.slackware.com -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.2 for non-commercial use <http://www.pgp.com> iQA/AwUBOVollsngd47OM+yTEQIZsgCffHR0j80zHs9sl79XyZBtwBULuNsAn3mY tce8IvTDwbIul0DIFAbkees1 =mLB4 -----END PGP SIGNATURE-----
Current thread:
- Force Feeding http-equiv () excite com (Jun 24)
- Re: Force Feeding David LeBlanc (Jun 24)
- Re: Force Feeding Dimitry Andric (Jun 26)
- Re: Force Feeding Philip Stoev (Jun 28)
- Re: Force Feeding David LeBlanc (Jun 28)
- Re: Force Feeding Weld Pond (Jun 25)
- Re: Force Feeding M. Burnett (Jun 26)
- Re: Force Feeding Phonix (Jun 27)
- [suse-security-announce] SuSE Security Announcement: wuftpd-2.6 (fwd) Daniel T. Chen (Jun 27)
- DoS in FirstClass Internet Services 5.770 Adam Prime (Jun 27)
- [slackware-security] wu-ftpd remote exploit patched Christopher Kager (Jun 28)
- [SECURITY] New verion of dhcp released debian-security-announce () LISTS DEBIAN ORG (Jun 28)
- Security Bulletins Digest patrick () PINE NL (Jun 28)
- Bypassing Warnings For Invalid SSL Certificates, Part Two Frank Knobbe (Jun 28)
- NT DNS Server leaks administrator account name in SOA record Roy Hills (Jun 26)
- Re: NT DNS Server leaks administrator account name in SOA record Mikael Olsson (Jun 26)
- Re: NT DNS Server leaks administrator account name in SOA record Chris Knipe (Jun 27)
- Re: Force Feeding David LeBlanc (Jun 24)