> Sorry, but the last major bug was only last year (June 2000 according to the
> SecurityFocus advisory). When I was working at the Uni you may remember I
> gave a talk about
> hacking. In it I used this vulnerability to demonstrate how easy it is to get
> root access on a vulnerable Linux box.
Well yes - on any vulnerable box, regardless of OS ;)
> A search of the keyword
> 'wu-ftpd' on the SecurityFocus vulnerability list will return a number
> of vulnerabilities.
Pleeeeeeease, I had explicitly restricted my statements to the audited
version of wu-ftpd. I quote from the SuSE security advisory June 2000:
----------
...
Package: wuftpd < 2.6.0-121
...
1. Problem Description
The wu-ftp FTP server does not do proper bounds checking while processing
the SITE EXEC command.
2. Impact
A remote attacker could execute arbitrary machine code as root on an FTP
server using wu-ftpd.
This bug could only be exploited if anonymous access to the FTP server
is allowed.
3. Solution
We recommend using our audited 2.4er version of wu-ftpd.
--------------------
I seem to remember the SuSE security people saying that the number of
vulnerabilities in wu-ftpd found since the audit was not higher than
those found in bsd/pro. That seems to be about right.
But Kurt Seifried could well be right with his assessment of ftp in
general.
Volker