> WU-FTPD and BeroFTPD
>
> Vulnerability #1:
>
> Not vulnerable:
> versions 2.4.2 and all betas and earlier versions
> Vulnerable:
> wu-ftpd-2.4.2-beta-18-vr4 through wu-ftpd-2.4.2-beta-18-vr15
> wu-ftpd-2.4.2-vr16 and wu-ftpd-2.4.2-vr17
> wu-ftpd-2.5.0
> BeroFTPD, all versions
CERT appears to have left out wu-ftpd-2.6.0 (although they included it in
the lists for the other two vulnerabilities).
Version 2.6.0 does *not* have the "MAPPING_CHDIR Buffer Overflow"
vulnerability, at least if the ANNOUNCE-RELEASE file for that version is
to be believed. It reads, in part:
"Corrected an error in the MAPPING_CHDIR feature which could be used to
gain root privileges on the server."
Presumably, this refers to this vulnerability.
Rich
