[15519] in bugtraq
Re: WuFTPD: Providing *remote* root since at least 1994
daemon@ATHENA.MIT.EDU (Gregory A Lundberg)
Wed Jun 28 16:04:31 2000
Mail-Followup-To: Tomasz Grabowski <cadence@APOLLO.ACI.COM.PL>,
BUGTRAQ@SECURITYFOCUS.COM
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <20000627184859.D27582@vr.net>
Date: Tue, 27 Jun 2000 18:48:59 -0400
Reply-To: Gregory A Lundberg <lundberg@VR.NET>
From: Gregory A Lundberg <lundberg@VR.NET>
X-To: Tomasz Grabowski <cadence@APOLLO.ACI.COM.PL>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.LNX.4.10.10006271719280.17020-200000@apollo.aci.com.pl>;
from Tomasz Grabowski on Tue, Jun 27, 2000 at 05:29:43PM +0200

On Tue, Jun 27, 2000 at 05:29:43PM +0200, Tomasz Grabowski wrote:

> Anyway I made a patch for that bug so You don't need to change Your
> wu-ftpd-academ to wu-ftpd if You don't want.

Basically, all your patch does is prevent an attack which isn't (currently)
being used very widely on a version of the server which is vulnerable to at
least two attacks which ARE.

The smart thing to do is immediately disconnect your 'wu-ftpd-academ' host
and scan for root breakins. Then, when you've cleaned out the kiddies and
regained control of your host, upgrade to 2.6.0 and apply the patch.

--
Gregory A Lundberg WU-FTPD Development Group
1441 Elmdale Drive lundberg@wu-ftpd.org
Kettering, OH 45409-1615 USA 1-800-809-2195