[15551] in bugtraq


Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd)

daemon@ATHENA.MIT.EDU (Joey Maier)
Thu Jun 29 14:26:31 2000

Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id:  <Pine.BSO.4.21.0006291001180.25731-100000@www.slothnet.com>
Date:         Thu, 29 Jun 2000 10:23:12 +0000
Reply-To: Joey Maier <maierj@HOME.COM>
From: Joey Maier <maierj@HOME.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <20000623001738.A10472@drow.them.org>

>RHSA-2000:039-02: remote root exploit (SITE EXEC) fixed
[...]
>A security bug in wu-ftpd can permit remote users, even without
>an account, to gain root access.
>The new version closes the hole.
>
>2. Relevant releases/architectures:
>
>Red Hat Linux 5.2 - i386 alpha sparc

	(which includes wu-ftpd-2.4.2b18-2.i386.rpm)

>Red Hat Linux 6.2 - i386 alpha sparc

	(which includes wu-ftpd-2.6.0-3.i386.rpm)

What about Red Hat 6.0 (includes wu-ftpd-2.4.2vr17-3.i386.rpm) and
6.1 (includes wu-ftpd-2.5.0-9.i386.rpm)? I know that the sploit tf8
released was for version 2.6.0, but earlier versions of wu-ftpd
are vulnerable, too.  Does anyone know if Red Hat plans to release
RPMs to fix the 2.5.0 version included in Red Hat 6.1?

--
	"When you understand UNIX, you will understand the world.
	 When you understand NT....you will understand NT" - R. Thieme
http://www.slothnet.com
