Slashdot Mirror


Wu-ftpd Remote Root Hole

Ademar writes: "A remotely exploitable vulnerability was found in wu_ftp, which is distributed in all major distros. The CERT has a (private) list to coordinate this kind of disclosure so vendors can release updates together, but RH broke the schedule and released their advisory first. You can see the full advisory from securityfocus in bugtraq, but here is a quote: 'This vulnerability was initially scheduled for public release on December 3, 2001. Red Hat pre-emptively released an advisory on November 27, 2001. As a result, other vendors may not yet have fixes available.'" CNET has a story about this too.

3 of 515 comments

  1. Re:Nice. by Pxtl · · Score: 5, Troll

    Plus, it's pretty bad since whenever Microsoft gets something like this, people get pissed off if they take more than a weekend on it. Here, they took almost a week longer than RedHat, makes you wonder how long this sploit was in hacker circles, and how long the distros knew about it. Whatever happened to the claims of fast reaction in the opensource industry vs. old-skool business?

    This isn't a troll, but an honest question - what took 'em so long, and why didn't they just throw it open to end-users to protect themselves (like closing down ftps in worst-case) like is supposed to be standard practice?

  2. Stupid is as stupid does.. by grub · · Score: 1, Troll

    a) install a secure by default OS such as OpenBSD
    b) LEAVE FTP disabled
    c) LEAVE Telnet disabled
    d) ENABLE SFTP if you need an FTPish connection.

    Live happy and don't end up like LinuxToday.com LOL

    --
    Trolling is a art,
  3. Re:Nice. by czardonic · · Score: 0, Troll

    Whatever happened to the claims of fast reaction in the opensource industry vs. old-skool business?

    This isn't a troll. . .


    THIS is a troll. All that OSS jazz is FUD. Here is proof positive that OSS can't do any better than MS when it comes to releasing fixes, and that OSS is just as likely to try (and fail) at keeping vulnerabilities secret.

    Hell, I thought that millions of OSS programmers were swarming all over the code 24/7, exposing bugs the second the code is released.

    --
    Takahashi Rumiko made beats! DON, taku, DON, taku. . .