Slashdot Mirror


Wu-ftpd Remote Root Hole

Ademar writes: "A remotely exploitable vulnerability was found in wu_ftp, which is distributed in all major distros. The CERT has a (private) list to coordinate this kind of disclosure so vendors can release updates together, but RH broke the schedule and released their advisory first. You can see the full advisory from securityfocus in bugtraq, but here is a quote: "This vulnerability was initially scheduled for public release on December 3, 2001. Red Hat pre-emptively released an advisory on November 27, 2001. As a result, other vendors may not yet have fixes available."" CNET has a story about this too.

6 of 515 comments

  1. Re:Wu-FTP not in OpenBSD by Anonymous Coward · · Score: 1, Funny

    although it would certainly fit in there

  2. Shame by Syberghost · · Score: 3, Funny

    How dare those RedHat bastards fix a security problem early.

  3. Re:Breech of Trust by augustz · · Score: 3, Funny

    Give me a god damn break. If you had a CLUE about the facts in this case (which include incorrectly addressed email etc) you obviously would not be posting. Why not let the folks whose business this is, CERT, handle the 'punishment', and you go do something useful?

    RedHat has CONSISTENTLY done the Right Thing in a number of areas with respect to Linux. Despite a number of chances not to. This endless self-destructive attitude of the linux community, mainly centered with people who have yet to contribute a line of code anywhere I suspect, but who love waving their hand and yelling foul should stop.

    Seriously, I'd love to auto-mod down folks who don't contribute jack, but cause endless heartache on endless lists. Recently a flame war erupted when someone claiming to be one of the 10 people in the world who wanted to see the kernel improve came on and said Linus should stop maintaining 2.5, despite the fact he'd yet to write a line of code for the kernel.

    Taking what trolls like this and the one above seriously undermines things.

    The irony is that the linux camp is all for full disclosure, so RH arguably did the RIGHT thing and let us all know of a problem we wouldn't have found out about till later.

  4. Re:Another globbing bug? by Anonymous Coward · · Score: 1, Funny

    It's actually pretty simple. Unplugging the box from the network would be an acceptable level of network security.

  5. Re:Hypocrisy Detected!!! by fanatic · · Score: 5, Funny

    Tip for MSCEs: Samba and SSH will allow you to remotely administer a Windows network better than any Windows tool.


    Actually, IIS does a pretty good job of letting *everyone* remotely administer your Windows system.

    --
    "that's not encryption - it's a new perl script that I'm working on..." - from some Matrix parody

  6. Re:I've changed my mind by bapink01 · · Score: 2, Funny

    When I think of security, I think of pants. How can you be secure wearing a kilt? I mean sure sensitive areas are somewhat hidden, but not secured.

    If using a product exposes holes as big as a kilt will, then I want to know. Then I can change clothes or avoid windy sidewalks.

    Definition of security thru obscurity: http://www.tuxedo.org/~esr/jargon/html/entry/security-through-obscurity.html