Slashdot Mirror

← Back to Stories (view on slashdot.org)

Wu-ftpd Remote Root Hole

Posted by michael on from the taking-anonymous-access-a-little-too-literally dept.

Ademar writes: "A remote exploitable vulnerability was found in wu_ftp, which is distributed in all major distros. The CERT has a (private) list to coordinate this kind of disclosure so vendors can release updates together, but RH broke the schedule and released their advisory first. You can see the full advisory from securityfocus in bugtraq, but here is a quote: "This vulnerability was initially scheduled for public release on December 3, 2001. Red Hat pre-emptively released an advisory on November 27, 2001. As a result, other vendors may not yet have fixes available."" CNET has a story about this too.

2 of 515 comments (clear)

  1. Magic Lantern... by cperciva · · Score: 2, Offtopic

    Am I the only person thinking that strategically placed "dumb coding mistakes" might be the real story behind Magic Lantern?

    --
    Tarsnap: Online backups for the truly paranoid
  2. According to my sources.. by redhotchil · · Score: 3, Offtopic

    The afformentioned distribution is also unaffected by the following other bugs:

    Nimda: IIS 5.0 is not installed by default in OpenBSD

    Ping of Death: The Microsoft TCP/IP stack is not loaded by default in OpenBSD

    Recent Linux Kernel Bug: OpenBSD unfortunately uses the BSD kernel and the Linux kernel is not installed by default in OpenBSD

    As you can see, OpenBSD is obviously the superior operating system, for namely, its lack of features.

    Thank you.