[15623] in bugtraq
Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd)
daemon@ATHENA.MIT.EDU (wayout)
Wed Jul 5 17:25:04 2000
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-ID: <Pine.LNX.4.21.0007032129290.29028-100000@wayout.way-out.net>
Date: Mon, 3 Jul 2000 21:37:46 +0200
Reply-To: wayout <wayout@WAYOUT.IAE.NL>
From: wayout <wayout@WAYOUT.IAE.NL>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20000701024343.B26108@vr.net>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Sat, 1 Jul 2000, Gregory A Lundberg wrote:
> - I, personally, have seen NO scanning for FTP services on my networks.
> While this is admitedly anecdotal evidence, the last exploit against
> WU-FTPD, which _did_ work and _was_ in widespread use, was acompanied by
> a marked increase in such scans on the networks I manage. I have talked
> with several other network operators and most report no increase in
> scanning; one did report he is seeing some FTP probes on his campus.
> The probes and scans I am seeing are consistent with the most-recent
> CERT Current Activity report (
> http://www.cert.org/current/current_activity.html ).
>
As a member of the System Administration group of a large cable network
provider in the Netherlands I can state that there /has/ been an increase
in FTP scans. Just as there was a noticeble increase in scans on port 21
when wuftpd 2.5.0 was shown vulnerable.
<snip>
>
> - "The exploit is in wide use." At this point, the WU-FTPD Development
> Group has seen no evidence the exploit works or is being used at all.
> Our position, however, is that the exploit ought to work since the bug
> is real. So, while this is currently a false statement it could become
> true at some point.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: Made with pgp4pine 1.75
iD8DBQE5YOuaLUYHCoW7cyIRAub/AJkBN31bTicqobu2kjrI6m7xMxVkxQCfSNid
F4c8/lzcnk5tUmqfY703N2Y=
=IPF3
-----END PGP SIGNATURE-----
