> Had something show up from Red Hat today about wu-ftpd having
> a new remote exploit - anyone else hear about this? Visited the
> wu-ftpd.org site, but didn't see any new sources or quickfixes
> available (or any information on the main page).
here is what I got from debian security mailing list today...
Package: wu-ftpd (wu-ftpd-academ)
Vulnerability: remote root exploit
Debian-specific: no
The version of wu-ftpd distributed in Debian GNU/Linux 2.1 (a.k.a. slink),
as well as in the frozen (potato) and unstable (woody) distributions, is
vulnerable to a remote root compromise. The default configuration in all
current Debian packages prevents the currently available exploits in the
case of anonymous access, although local users could still possibly
compromise the server.
This has been fixed in versions 2.4.2.16-13.1 (for slink) and 2.6.0-5.1 (for
potato and woody), and we recommend that you update your wu-ftpd-academ (for
slink) or wu-ftpd (for potato and woody) package immediately.
--
~ Experience the power of the Penguin
'v' _/ _/_/_/ _/ _/ _/ _/ _/ _/
// \ _/ _/ _/_/ _/ _/ _/ _/_/
/( )\ _/ _/ _/ _/_/ _/ _/ _/_/
^`~'^ _/_/_/ _/_/_/ _/ _/ _/_/_/_/ _/ _/
---------------------------------------------------------------------------
Send administrative requests to [EMAIL PROTECTED]
