[15511] in bugtraq
[slackware-security] wu-ftpd remote exploit patched
daemon@ATHENA.MIT.EDU (Christopher Kager)
Wed Jun 28 15:13:13 2000
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-ID: <004c01bfe11c$a74034c0$8f585e3f@alanagroup>
Date: Wed, 28 Jun 2000 12:19:36 -0400
Reply-To: Christopher Kager <chris@THEALANGROUP.COM>
From: Christopher Kager <chris@THEALANGROUP.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ----- Original Message -----
From: "Slackware Security Team" <security@slackware.com>
To: <slackware-security@slackware.com>
Sent: Wednesday, June 28, 2000 5:18 AM
Subject: [slackware-security] wu-ftpd remote exploit patched
A remote exploit has been found in the FTP daemon, wu-ftpd. This can
allow an attacker full access to your machine.
The wu-ftpd daemon is part of the tcpip1.tgz package in the N series. A
new tcpip1.tgz package is now available in the Slackware 7.1 tree. We
have also provided a seperate patch package for users who have already
installed Slackware 7.1 and just want the new FTP daemon.
=========================================
wu-ftpd 2.6.0 AVAILABLE - (n6/tcpip1.tgz)
=========================================
The recent root exploit in wu-ftpd has been patched and the new
tcpip1.tgz is in the Slackware 7.1 tree:
ftp://ftp.slackware.com/pub/slackware/slackware-7.1/slakware/n6/
A seperate wu-ftpd-only patch package is available in the patches/
subdirectory:
ftp://ftp.slackware.com/pub/slackware/slackware-7.1/patches/
All users are strongly urged to upgrade to the patched wu-ftpd
daemon. You only need to download one package to get the new FTP
daemon.
Here are the md5sums and checksums for the packages:
1660403894 62427 ./wu-ftpd-patch.tgz
d42c1708634232f8bc6a396827959851 ./wu-ftpd-patch.tgz
3287743865 1017793 ./n6/tcpip1.tgz
7aff2b13086e881a6ee029d44a448f17 ./n6/tcpip1.tgz
INSTALLATION INSTRUCTIONS FOR THE tcpip1.tgz PACKAGE:
----------------------------------------------------
If you have downloaded the new tcpip1.tgz package, you should bring
the system into runlevel 1 and run upgradepkg on it:
# telinit 1
# upgradepkg tcpip1.tgz
# telinit 3
INSTALLATION INSTRUCTIONS FOR THE wu-ftpd-patch.tgz PACKAGE:
-----------------------------------------------------------
If you have downloaded the wu-ftpd-patch.tgz package, you should
bring the system into runlevel 1 and run installpkg on it:
# telinit 1
# installpkg wu-ftpd-patch.tgz
# telinit 3
Remember, it's also a good idea to backup configuration files before
upgrading packages.
- - Slackware Linux Security Team
http://www.slackware.com
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.2 for non-commercial use <http://www.pgp.com>
iQA/AwUBOVollsngd47OM+yTEQIZsgCffHR0j80zHs9sl79XyZBtwBULuNsAn3mY
tce8IvTDwbIul0DIFAbkees1
=mLB4
-----END PGP SIGNATURE-----
