This should serve as a warning to all those running wuftp... DON'T. I was always amazed to see people on this list talking about how to configure it, etc., after all the previous problems with it. It seems to be the most consistently vulnerable FTP daemon ever created. As a friend of mine, Grant, says: "wuftpd is little more than a remote rootshell with ftp extensions"

Adam Daniel
Technical Consultant
-----------------------------------------------------------------------
FORENSIC DATA SERVICES PTY LIMITED
http://www.forensicdata.com.au
------------------------------------------------------------------------

-----BEGIN PGP SIGNED MESSAGE-----
______________________________________________________________________________
SuSE Security Announcement

        Package:                wuftpd
        Announcement-ID:        SuSE-SA:2001:043
        Date:                   Wednesday, Nov. 28th, 2001 23:45 MET
        Affected SuSE versions: 6.3, 6.4, 7.0, 7.1, 7.2, 7.3
        Vulnerability Type:     remote root compromise
        Severity (1-10):        7
        SuSE default package:   no
        Other affected systems: all linux-like systems using wu-ftpd 2.4.x / 2.6.0 / 2.6.1

    Content of this advisory:
        1) security vulnerability resolved: wuftpd
           problem description, discussion, solution and upgrade information
        2) pending vulnerabilities, solutions, workarounds
        3) standard appendix (further information)

______________________________________________________________________________
<CHOP>