Slashdot Mirror


Wu-ftpd Remote Root Hole

Ademar writes: "A remotely exploitable vulnerability was found in wu_ftp, which is distributed in all major distros. The CERT has a (private) list to coordinate this kind of disclosure so vendors can release updates together, but RH broke the schedule and released their advisory first. You can see the full advisory from securityfocus in bugtraq, but here is a quote: 'This vulnerability was initially scheduled for public release on December 3, 2001. Red Hat pre-emptively released an advisory on November 27, 2001. As a result, other vendors may not yet have fixes available.'" CNET has a story about this too.

5 of 515 comments

  1. fp by Anonymous Coward · · Score: 0, Offtopic

    Have a nice day!

  2. Magic Lantern... by cperciva · · Score: 2, Offtopic

    Am I the only person thinking that strategically placed "dumb coding mistakes" might be the real story behind Magic Lantern?

  3. NEWS: 2600 has lost the appeal in the DVD case. by Convergence · · Score: 0, Offtopic

    Hello, it doesn't belong here, but, as the Slashdot authors *rejected* the story:

    2001-11-28 23:52:31 2600 lost the appeal (articles,censorship) (rejected)

    The news is just in, 2600 lost the appeal. Nothing more is known. Furthermore, the Felten countersuit was thrown out. http://www.2600.com/news/display.shtml?id=852

    It is a dark day.

    1. Re:NEWS: 2600 has lost the appeal in the DVD case. by sheldon · · Score: 1, Offtopic

      It doesn't appear that this Felten thing was a countersuit. He claims to have been threatened by the RIAA, but when countered they denied ever threatening him.

      Rather the request to the judge was simply for a statement saying he had a right to publish his research.

      The Judge's response was "Look you buffoon, quit wasting my time."

      Now if Felten had published his research, and the RIAA had sued him, then there would have been a case to fight.

      That's really the whole point of that one.

  4. According to my sources.. by redhotchil · · Score: 3, Offtopic

    The aforementioned distribution is also unaffected by the following other bugs:

    Nimda: IIS 5.0 is not installed by default in OpenBSD

    Ping of Death: The Microsoft TCP/IP stack is not loaded by default in OpenBSD

    Recent Linux Kernel Bug: OpenBSD unfortunately uses the BSD kernel and the Linux kernel is not installed by default in OpenBSD

    As you can see, OpenBSD is obviously the superior operating system, for namely, its lack of features.

    Thank you.