Wu-ftpd Remote Root Hole · Slashdot Mirror

Posted by michael on Wednesday November 28, 2001 @12:54PM from the taking-anonymous-access-a-little-too-literally dept.

Ademar writes: "A remote exploitable vulnerability was found in wu_ftp, which is distributed in all major distros. The CERT has a (private) list to coordinate this kind of disclosure so vendors can release updates together, but RH broke the schedule and released their advisory first. You can see the full advisory from securityfocus in bugtraq, but here is a quote: "This vulnerability was initially scheduled for public release on December 3, 2001. Red Hat pre-emptively released an advisory on November 27, 2001. As a result, other vendors may not yet have fixes available."" CNET has a story about this too.

1 of 515 comments (clear)

Min score:

Reason:

Sort:

Re:No surprises here by augustz · 2001-11-28 13:32 · Score: 2, Redundant

Couldn't agree more, the distros need to stop shipping software with horrendous security records.

wu-ftpd/bind/sendmail literally give me the shudders. There are solid competitors for all of these. Greater or equal features, and designs that are much more secure.