Wu-ftpd Remote Root Hole

Ademar writes: "A remotely exploitable vulnerability was found in wu_ftp, which is distributed in all major distros. The CERT has a (private) list to coordinate this kind of disclosure so vendors can release updates together, but RH broke the schedule and released their advisory first. You can see the full advisory from securityfocus in bugtraq, but here is a quote: "This vulnerability was initially scheduled for public release on December 3, 2001. Red Hat pre-emptively released an advisory on November 27, 2001. As a result, other vendors may not yet have fixes available."" CNET has a story about this too.
  • by Anonymous Coward on Wednesday November 28, 2001 @09:22PM (#2628141)
    although it would certainly fit in there
  • Shame (Score:3, Funny)

    by Syberghost ( 10557 ) <syberghost@syber ... S.com minus poet> on Wednesday November 28, 2001 @09:24PM (#2628146)
    How dare those RedHat bastards fix a security problem early.
  • by augustz ( 18082 ) on Wednesday November 28, 2001 @09:30PM (#2628172)
    Give me a god damn break. If you had a CLUE about the facts in this case (which include incorrectly addressed email etc) you obviously would not be posting. Why not let the folks whose business this is, CERT, handle the 'punishment', and you go do something useful?

    RedHat has CONSISTENTLY done the Right Thing in a number of areas with respect to Linux. Despite a number of chances not to. This endless self-destructive attitude of the linux community, mainly centered with people who have yet to contribute a line of code anywhere I suspect, but who love waving their hand and yelling foul should stop.

    Seriously, I'd love to auto-mod down folks who don't contribute jack, but cause endless heartache on endless lists. Recently a flame war erupted when someone claiming to be one of the 10 people in the world who wanted to see the kernel improve came on and said linus should stop maintaining 2.5, despite the fact he'd yet to write a line of code for the kernel.

    Taking what trolls like this and the one above seriously undermines things.

    The irony is that the linux camp is all for full disclosure, so RH arguably did the RIGHT thing and let us all know of a problem we wouldn't have found out about till later.
  • by Anonymous Coward on Wednesday November 28, 2001 @09:30PM (#2628175)
    It's actually pretty simple. Unplugging the box from the network would be an acceptable level of network security.
  • by fanatic ( 86657 ) on Wednesday November 28, 2001 @11:34PM (#2628796)
    Tip for MSCEs: Samba and SSH will allow you to remotely administer a Windows network better than any Windows tool.


    Actually, IIS does a pretty good job of letting *everyone* remotely administer your Windows system.
  • by bapink01 ( 137229 ) on Thursday November 29, 2001 @11:41AM (#2630906)

    When I think of security, I think of pants. How can you be secure wearing a kilt? I mean sure sensitive areas are somewhat hidden, but not secured.

    If using a product exposes holes as big as a kilt will then I want to know. Then I can change clothes or avoid windy sidewalks [takegreatpictures.com].

    Definition of security thru obscurity: http://www.tuxedo.org/~esr/jargon/html/entry/security-through-obscurity.html [tuxedo.org]
