Bugtraq mailing list archives

Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd)


From: jmknoble () PINT-STOWP CX (Jim Knoble)
Date: Thu, 29 Jun 2000 14:47:51 -0400


Circa 2000-Jun-29 10:23:12 +0000 Joey Maier wrote:

: >RHSA-2000:039-02: remote root exploit (SITE EXEC) fixed
: [...]
: >
: >Red Hat Linux 5.2 - i386 alpha sparc
:
:       (which includes wu-ftpd-2.4.2b18-2.i386.rpm)

Actually, if you've been keeping up with security updates, a Red Hat
5.2 system should have had wu-ftpd-2.6.0-0.5.x installed prior
to this update.

: >Red Hat Linux 6.2 - i386 alpha sparc
:
:       (which includes wu-ftpd-2.6.0-3.i386.rpm)
:
: What about Red Hat 6.0 (includes wu-ftpd-2.4.2vr17-3.i386.rpm) and
: 6.1 (includes wu-ftpd-2.5.0-9.i386.rpm)? I know that the sploit tf8
: released was for version 2.6.0, but earlier versions of wu-ftpd
: are vulnerable, too.  Does anyone know if Red Hat plans to release
: RPMs to fix the 2.5.0 version included in Red Hat 6.1?

The text of the security advisory doesn't appear to mention it, but the
6.2 packages are also intended for 6.0 and 6.1.  This has generally
been true of security and bugfix updates from Red Hat since 6.2 was
released.

What I'm a little surprised you didn't ask about was whether Red Hat
plans to release wu-ftpd security updates for Red Hat Linux 4.2, which
quite a few folks are still running in some capacity or another.

--
jim knoble | jmknoble () jmknoble cx | http://www.jmknoble.cx/


