Wu-ftpd Remote Root Hole 515
Ademar writes: "A remote exploitable vulnerability was found in wu_ftp, which is distributed in all major distros. The CERT has a (private) list to coordinate this kind of disclosure so vendors can release updates together, but RH broke the schedule and released their advisory first. You can see the full advisory from securityfocus in bugtraq, but here is a quote: "This vulnerability was initially scheduled for public release on December 3, 2001. Red Hat pre-emptively released an advisory on November 27, 2001. As a result, other vendors may not yet have fixes available."" CNET has a story about this too.
Re:Wu-FTP not in OpenBSD (Score:1, Funny)
Shame (Score:3, Funny)
Re:Breech of Trust (Score:3, Funny)
RedHat has CONSISTENTLY done the Right Thing in a number of areas with respect to Linux. Despite a number of chances not to. This endless self-destructive attitude of the linux community, mainly centered with people who have yet to contribute a line of code anywhere I suspect, but who love waving their hand and yelling foul should stop.
Seriously, I'd love to auto-mod down folks who don't contribute jack, but cause endless heartache on endless lists. Recently a flame war errupted when someing claiming to be one of the 10 people in the world who wanted to see the kernel improve came on and said linus should stop maintaining 2.5, despite the fact he'd yet to write a line of code for the kernel.
Taking what trolls like this and the one above seriously undermines things.
The irony is that the linux camp is all for full disclosure, so RH arguably did the RIGHT thing and let us all know of a problem we wouldn't have found out about till later.
Re:Another globbing bug? (Score:1, Funny)
Re:Hypocrisy Detected!!! (Score:5, Funny)
Actually, IIS does a pretty good job of letting *everyone* remotely administer your Windows system.
Re:I've changed my mind (Score:2, Funny)
When I think of security, I think of pants. How can you be secure wearing a kilt. I mean sure sensitive areas are somewhat hidden, but not secured.
If using a product exposes holes as big as a kilt will then I want to know. Then I can change clothes or avoid windy sidewalks [takegreatpictures.com].
Definition of security thru obscurity: http://www.tuxedo.org/~esr/jargon/html/entry/secur ity-through-obscurity.html [tuxedo.org]