Thus spake Robert J. Alexander ([EMAIL PROTECTED]):
> I am running a Debian 2.1 dist.
>
> I was sent the following (appended) quite recent (a month old) CERT
> advisory.
>
> How do I understand which Debian packaging has closed these holes ????
>

The latest wu-ftpd (2.6.0-2) in potato closes these issues. In fact, all of the 2.5.0 finals should be fine as well. The advisory lists 2.5.0 wu-ftpd's as not vulnerable. I was able to test and confirm this. I haven't tested those recent issues on the pre's though, since I didn't have any pre versions installed on any of my servers at the time.

If you're running < 2.5.0pre* it would be best to update. It would be best to update to the current version regardless. There are a number of bugfixes closed in 2.6.0 that will probably prevent additional exploits from popping up, that have not yet been discovered.

> BTW Is there a way to automate the PUT of files in the incoming area so
> that every time one is performed root gets a mail with the filename
> filesize and originator ???

You can write a little program that runs from cron every so often to do this. If not, there is some perl code called ftpcheck that does this. I haven't tried it out, but it looks good. You can pick it up at ftp://ftp.cle.ab.com/pub/ftpcheck.v2.3

--
, oneiros ([EMAIL PROTECTED]) | . OpenPGP Supported . ' Your good nature will bring unbounded happiness.
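The cron job suggested in the reply above, sketched as an added example (it is not part of the original message and is not the ftpcheck script): it reads a wu-ftpd style xferlog and reports filename, size and originator for uploads logged since the previous run. The log path, state file path, `/incoming/` prefix and field positions (taken from the xferlog(5) layout) are assumptions.

```shell
#!/bin/sh
# Added example: report uploads newly recorded in a wu-ftpd style xferlog.
# Assumed field layout, per xferlog(5): 1-5 date, 6 transfer time,
# 7 remote host, 8 size, 9 filename, 10 type, 11 action flag,
# 12 direction (i = incoming), 13 access mode, 14 username.

# Constructed sample lines (not real log data), used for a dry run.
sample_xferlog() {
    cat <<'EOF'
Mon Jan 10 12:00:01 2000 1 host1.example.org 2048 /incoming/notes.txt a _ i a anon@example.org ftp 0 * c
Mon Jan 10 12:05:09 2000 3 host2.example.org 90112 /pub/README b _ o a guest@example.net ftp 0 * c
Mon Jan 10 12:07:30 2000 2 host3.example.net 512 /incoming/a_b.bin b _ i a x@example.com ftp 0 * c
EOF
}

# report_uploads LOG STATE PREFIX
# Prints one line per upload under PREFIX logged since the line count
# saved in STATE, then stores the new line count in STATE.
report_uploads() {
    log=$1 state=$2 prefix=$3
    seen=0
    if [ -f "$state" ]; then seen=$(cat "$state"); fi
    awk -v skip="$seen" -v prefix="$prefix" -v state="$state" '
        $12 == "i" && index($9, prefix) == 1 {
            line = sprintf("file=%s size=%s host=%s user=%s", $9, $8, $7, $14)
            # Filename and username are client-supplied: keep only
            # printable ASCII so the mail body cannot carry control bytes.
            gsub(/[^ -~]/, "?", line)
            n++; at[n] = NR; hit[n] = line
        }
        END {
            if (NR < skip) skip = 0   # log was rotated: report from the top
            for (i = 1; i <= n; i++) if (at[i] > skip) print hit[i]
            print NR > state
        }' "$log"
}

# Cron entry point. Both paths below are assumptions; adjust to the host.
if [ "${1:-}" = "--cron" ]; then
    out=$(report_uploads /var/log/xferlog /var/run/ftp-incoming.state /incoming/)
    if [ -n "$out" ]; then
        printf '%s\n' "$out" | mail -s "new FTP uploads" root
    fi
fi
```

Run it from cron with the `--cron` argument; without arguments the script only defines the functions, which allows a dry run against `sample_xferlog`.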

