[15586] in bugtraq


Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd)

daemon@ATHENA.MIT.EDU (Kenn Humborg)
Fri Jun 30 19:09:42 2000

Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id:  <20000629205331.A26615@atlas.bluetree.ie>
Date:         Thu, 29 Jun 2000 20:53:31 +0100
Reply-To: Kenn Humborg <kenn@BLUETREE.IE>
From: Kenn Humborg <kenn@BLUETREE.IE>
X-To:         Joey Maier <maierj@HOME.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <Pine.BSO.4.21.0006291001180.25731-100000@www.slothnet.com>; from
              Joey Maier on Thu, Jun 29, 2000 at 10:23:12AM +0000

On Thu, Jun 29, 2000 at 10:23:12AM +0000, Joey Maier wrote:
> >RHSA-2000:039-02: remote root exploit (SITE EXEC) fixed
> [...]
> >A security bug in wu-ftpd can permit remote users, even without
> >an account, to gain root access.
> >The new version closes the hole.
> >
> >2. Relevant releases/architectures:
> >
> >Red Hat Linux 5.2 - i386 alpha sparc
>
> 	(which includes wu-ftpd-2.4.2b18-2.i386.rpm)
>
> >Red Hat Linux 6.2 - i386 alpha sparc
>
> 	(which includes wu-ftpd-2.6.0-3.i386.rpm)
>
> What about Red Hat 6.0 (includes wu-ftpd-2.4.2vr17-3.i386.rpm) and
> 6.1 (includes wu-ftpd-2.5.0-9.i386.rpm)? I know that the sploit tf8

The latest wu-ftpd RPM for Red Hat 4.2 is also vulnerable.  I notified
Red Hat about this on Saturday last, but no word from them yet.

Ah well...

Later,
Kenn
