[9997] in bugtraq
Re: WUftp scanner
daemon@ATHENA.MIT.EDU (Gregory A Lundberg)
Fri Mar 26 16:53:12 1999
Date: Thu, 25 Mar 1999 22:25:39 -0500
Reply-To: Gregory A Lundberg <lundberg+wuftpd@VR.NET>
From: Gregory A Lundberg <lundberg+wuftpd@VR.NET>
X-To: baku@EXCITE.COM
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <922285760.14964.823@excite.com>
On Wed, 24 Mar 1999 baku@EXCITE.COM wrote:
> if (strstr (buf, "Version wu-2.4.2-academ[BETA-18](1)"))
No. Way to strict. You'll miss people who touched ftpcmd.y and
recompiled:
Version wu-2.4.2-academ[BETA-18](2)
And you'll miss earlier versions which are vulnerable, say:
Version wu-2.4.2-academ[BETA-12]
And you'll miss derivatives which are vulnerable, like one of mine:
Version wu-2.4.2-academ[BETA-18-VR6]
> {
> if (strstr (buf, "Mon Jan 18 19:19:31 EST 1999"))
> printf ("%s is patched.\n", inet_ntoa (addr));
No. That's the date and time _you_ compiled the daemon. The target
machine was probably compiled some other time.
--
Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive lundberg+wuftpd@vr.net
Kettering, OH 45409-1615 USA 1-800-809-2195
