[15597] in bugtraq
Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd)
daemon@ATHENA.MIT.EDU (Bernhard Rosenkraenzer)
Sun Jul 2 14:53:47 2000
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.LNX.4.21.0007010829480.20831-100000@bochum.redhat.de>
Date: Sat, 1 Jul 2000 08:36:45 +0200
Reply-To: Bernhard Rosenkraenzer <bero@REDHAT.DE>
From: Bernhard Rosenkraenzer <bero@REDHAT.DE>
X-To: Kenn Humborg <kenn@BLUETREE.IE>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20000629205331.A26615@atlas.bluetree.ie>
On Thu, 29 Jun 2000, Kenn Humborg wrote:
> The latest wu-ftpd RPM for Red Hat 4.2 is also vulnerable. I notified
> Red Hat about this on Saturday last, but no word from them yet.
Who did you talk to? I never got a message, and I'm maintaining our
wu-ftpd package.
We're aware of the fact that 4.2 (and 3.x for that matter) are affected,
but we're no longer supporting versions prior to 5.2. If you absolutely
need to continue using it, get the source RPM from 5.x and rebuild it.
LLaP
bero
