Talking to someone, they mentioned that they had seen an exploit against wuftpd on rootshell.com, and out of curiousity (and the fact that I happen to be running it) I looked at the advisory:
http://www.rootshell.com/archive-j457nxiqi3gq59dv/199902/ftpd.txt.html
This part is taken from that page: [Affected Systems] Any server running the latest version of ProFTPD (1.2.0pre1) or the latest version of Wuarchive ftpd (2.4.2-academ[BETA-18]). wu-ftpd is installed and enabled by default on most Linux variants such as RedHat and Slackware Linux. ProFTPD is new software recently adopted by many major internet companies for its improved performance and reliability.
This alarmed me somewhat, since I had never seen any recent exploits for wu-ftpd (as opposed to proftpd, which seems to have been rather in the spotlight lately). Doubly for the fact that the wuftpd I run is 2.4.2-beta-18, and that I have a 0733 directory as well.
Have both SuSE 6.1 and 6.2's wu-ftpd been patched already? I ask, since it seems to usually be the case that the minor version number jumps with a bug/exploit fix, and there are no updates for either on ftp.suse.com.
dan ___________________________________________________________________ Get the Internet just the way you want it. Free software, free e-mail, and free Internet access for a month! Try Juno Web: http://dl.www.juno.com/dynoget/tagj.
On Sat, 2 Oct 1999 earendil7@juno.com wrote:
happen to be running it) I looked at the advisory:
http://www.rootshell.com/archive-j457nxiqi3gq59dv/199902/ftpd.txt.html
I looked at it too.
Have both SuSE 6.1 and 6.2's wu-ftpd been patched already? I ask, since it seems to usually be the case that the minor version number jumps with a bug/exploit fix, and there are no updates for either on ftp.suse.com.
At the end you can find the answer: "Bodo Bauer says: [...]" There has been an update for 6.0, so it should be ok for 6.[12] Peter
-
earendil7@juno.com -
Peter Münster