On Thu, Jan 18, 2001 at 06:31:37PM +0200, Peter Peltonen wrote:
> Jeff Lane wrote:
> > On Thu, 18 Jan 2001, Mike Burger wrote:
> > > The reason that the article states that it can affect 7.0 is that 7.0
> > > ships with wu-ftpd 2.6.0, and the earlier version of rpc.statd.
> > No... its LPRng for 7. the wu-ftp that ships with 7 is 2.6.1-6
> So wu-ftpd 2.6.0 is infected?
"Infected" is the wrong word. Infected, no. Vulnerable, probably.
> When I look at RH Errata, I can see an update for wu-ftpd, but that is:
> wu-ftpd-2.6.0-14.6x
> and I am running that version. Am I vulnerable for the attack?
Probably not... One very INTERESTING thing about this worm is
it's front end decision switch. It retrieves the ftp banner from a
potential target and then switches based on the date in the banner.
It's got a whole different script depending on if it finds a date
indicating an unpatched 6.2 system from a 7.0 system. If you don't
return one of the two dates that it's checking for, you are not going
to be attacked, even if you have vulnerable versions of the other
packages. That's not to say that didling the banner is the answer.
The answer is to get your system up to date and keep it there. It's
just that, in this case, the ftp service is this worm's Achilles heel.
> Peter
Mike
--
Michael H. Warfield | (770) 985-6132 | [EMAIL PROTECTED]
(The Mad Wizard) | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
