>Jeff, this is true, however if there was an
>exploitable buffer overrun code similar to
>wuftpd versions it would not affect the Raqs
>anyway since they come with stack execution
>disabled, which protects it from exploit code
>overruns/overflows, thus eliminating the need
>to scramble to patch the Raqs.

WRONG!!! I personally can vouch that this *IS* a threat to RaQ's (3&4) because we just had a local user try and use it against us just yesterday... They didn't succeed in hacking into the box (as far as we can tell), but they DID manage to bring it down...

All our RaQ's are fully patched and up to date (and then some).. But afterwards, we found our logs FULL of buffer overruns and kernel calls (traces) and all kinds of other fun stuff from their attempt... Eventually the system had so many open files it just started rejecting everything and eventually crashed.

Make no mistake - THIS IS A VALID THREAT TO RAQ'S and needs plugged ASAP!! We have since disabled FTP on all our systems until a patch is released.

Let's not be fooled with a false sense of security regarding this one..

_______________________________________________
cobalt-security mailing list
http://list.cobalt.com/mailman/listinfo/cobalt-security
