[12300] in bugtraq
Re: CERT Advisory CA-99.13 - Multiple Vulnerabilities in WU-FTPD
daemon@ATHENA.MIT.EDU (Richard Trott)
Thu Oct 21 13:51:26 1999
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.BSO.4.10.9910201511280.26798-100000@www>
Date: Wed, 20 Oct 1999 15:16:51 -0700
Reply-To: trott@SLOWPOISONERS.COM
From: Richard Trott <trott@SLOWPOISONERS.COM>
X-To: BUGTRAQ@SECURITYFOCUS.COM, cert@cert.org
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <19991020095700.A3737@underground.org>

> WU-FTPD and BeroFTPD
>
> Vulnerability #1:
>
> Not vulnerable:
> versions 2.4.2 and all betas and earlier versions
> Vulnerable:
> wu-ftpd-2.4.2-beta-18-vr4 through wu-ftpd-2.4.2-beta-18-vr15
> wu-ftpd-2.4.2-vr16 and wu-ftpd-2.4.2-vr17
> wu-ftpd-2.5.0
> BeroFTPD, all versions

CERT appears to have left out wu-ftpd-2.6.0 (although they included it in
the lists for the other two vulnerabilities).

Version 2.6.0 does *not* have the "MAPPING_CHDIR Buffer Overflow"
vulnerability, at least if the ANNOUNCE-RELEASE file for that version is
to be believed. It reads, in part:

"Corrected an error in the MAPPING_CHDIR feature which could be used to
gain root privileges on the server."

Presumably, this refers to this vulnerability.

Rich