[15584] in bugtraq

Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd)

daemon@ATHENA.MIT.EDU (Philip Rowlands)
Fri Jun 30 18:56:41 2000

Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id:  <395BB1DD.F9803B3@doc.ic.ac.uk>
Date:         Thu, 29 Jun 2000 21:30:21 +0100
Reply-To: phr@DOC.IC.AC.UK
From: Philip Rowlands <phr@DOC.IC.AC.UK>
To: BUGTRAQ@SECURITYFOCUS.COM

Joey Maier wrote:
>
[snipped previous RH release info]

> What about Red Hat 6.0 (includes wu-ftpd-2.4.2vr17-3.i386.rpm) and
> 6.1 (includes wu-ftpd-2.5.0-9.i386.rpm)? I know that the sploit tf8
> released was for version 2.6.0, but earlier versions of wu-ftpd
> are vulnerable, too.  Does anyone know if Red Hat plans to release
> RPMs to fix the 2.5.0 version included in Red Hat 6.1?

It's starting to annoy me that Red Hat don't list all the vulnerable
versions of their distribution in their advisories. Particularly as they
list 6.1, 6.0, 5.2, and 4.2 as maintained at
<http://www.redhat.com/support/errata/>.

As for wu-ftpd 2.5.0, I assume that you're supposed to upgrade to the
latest version.


Phil