On 25 Jun 2000, Chmouel Boudjnah wrote:
> Don Head <[EMAIL PROTECTED]> writes:
>
> > I just thought I'd see if there was an upgrade planned for wu-ftpd,
> > following the recent exploit that's all over BugTraq. Most of the other
> > distros have responded, including Red Hat, but I haven't heard anything yet
> > from the Mandrake front.
>
> It only affects versions <= 2.5, and for 6.x we already have an upgrade to
> 2.6 (and since 7.x we use 2.6).
No!
*** 2.6 is still affected!
You should react as fast as possible.
Different ways of fixing the bug were sent to BugTraq.
Excerpt from the BugTraq exploit posting:
On Fri, 23 Jun 2000, tf8 wrote:
> /* - wuftpd2600.c
> * VERY PRIVATE VERSION. DO NOT DISTRIBUTE. 15-10-1999
> *
> * WUFTPD 2.6.0 REMOTE ROOT EXPLOIT
> * by tf8
> *
> * *NOTE*: For ethical reasons, only an exploit for 2.6.0 will be
> * released (2.6.0 is the most popular version nowadays), and it
> * should suffice to proof this vulnerability concept.
> *
> * Site exec was never really *fixed*
> *
> * Greetz to portal (he is elite!#%$) and all #!security.is, glitch, DiGit,
> * \x90, venglin, xz, MYT and lamagra.
> * Also greetings go to the WU-FTPD development team for including this
> * bug in ALL their versions.
> *
> * Fuck to wuuru (he is an idiot)
> *
> * Account is not required, anonymous access is enough :)
> *
> * BTW, exploit is broken to avoid kids usage ;)
> *
> * VERY PRIVATE VERSION. DO NOT DISTRIBUTE. 15-10-1999
> */
-------------------------------------------------------------------------
(Frank Meurer, <[EMAIL PROTECTED]>, PGP ID: 0x5E756DA8)