Information Security News mailing list archives

Servers Left Vulnerable By Early Patch Release


From: InfoSec News <isn () c4i org>
Date: Thu, 29 Nov 2001 03:00:20 -0600 (CST)

http://www.newsbytes.com/news/01/172504.html

By Steven Bonisteel, Newsbytes
RESEARCH TRIANGLE PARK, NORTH CAROLINA, U.S.A.,
28 Nov 2001, 4:51 PM CST
 
A coordinated effort by multiple vendors to plug a security hole in
software found on many Internet servers went off the rails this week
when one of the vendors, open-source Linux bundler Red Hat, released
information on its fix ahead of schedule.

Red Hat's Mark Cox, senior director of engineering, told Newsbytes
that his company has been apologizing to other vendors who were caught
off guard by the early release of a patch for a file transfer protocol
(FTP) server called Wu-Ftpd - a well-known workhorse behind many
online software repositories and the file-transfer doorway to
numerous Web sites.

The problem with Red Hat's early release Tuesday, security experts
said, was that a close examination of the source-code patch affords
savvy hackers a roadmap to the FTP server's vulnerability, which
happens to be one that could allow a malicious individual unfettered
access to the Linux-based systems on which it usually runs.

[...]




-
ISN is currently hosted by Attrition.org
