Subject: Re: CONECTIVA LINUX SECURITY ANNOUNCEMENT - WU-FTPD (re-release)
From: Przemyslaw Frasunek (venglin@FREEBSD.LUBLIN.PL)
Date: Sat Jun 24 2000 - 02:09:16 CDT
> This is a new release. Our previous -10cl didn't fix the problem.
> wu-ftpd package version 2.6.0 and below has a buffer overflow that can
> be remotely exploited and give an attacker root privileges on the
> remote machine.
This advisory is clueless. This is *NOT* a buffer overflow attack. The exploit uses
a vsnprintf() format string to overwrite an *arbitrary* chunk of stack or bss.
--
* Fido: 2:480/124 ** WWW: http://www.freebsd.lublin.pl ** NIC-HDL: PMF9-RIPE *
* Inet: venglin@freebsd.lublin.pl ** PGP: D48684904685DF43 EA93AFA13BE170BF *
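The distinction drawn in the reply above, shown as an added example that is not part of the original post and is not wu-ftpd code: the destination buffer is correctly bounded in both paths, and the only difference is whether client text is used as the vsnprintf() format or passed as data. The names `reply`, `echo_flawed`, `echo_fixed` and `flawed_path_interprets` are hypothetical, and the sample input is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical reply helper: formats a message into out with vsnprintf(). */
static int reply(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

/* Flawed pattern: client-supplied text is used as the format string.
 * The write is bounded by n, so this is not a buffer overflow; the
 * defect is that directives inside the input are interpreted. */
static int echo_flawed(char *out, size_t n, const char *client_text)
{
    return reply(out, n, client_text);
}

/* Corrected pattern: constant format, client text passed as data. */
static int echo_fixed(char *out, size_t n, const char *client_text)
{
    return reply(out, n, "%s", client_text);
}

/* Returns 1 when the flawed path changed the text, i.e. parsed it as a format. */
static int flawed_path_interprets(const char *client_text)
{
    char a[64], b[64];
    echo_flawed(a, sizeof a, client_text);
    echo_fixed(b, sizeof b, client_text);
    return strcmp(a, b) != 0;
}

int main(void)
{
    /* Constructed input: "%%" is a directive that consumes no arguments,
     * so both paths are well defined for it. */
    const char *sample = "quota 100%% used";
    printf("input interpreted as format by flawed path: %d\n",
           flawed_path_interprets(sample));
    return 0;
}
```

Compiling call sites with `-Wformat -Wformat-security`, and declaring wrappers like `reply` with `__attribute__((format(printf, 3, 4)))`, lets GCC and Clang flag the flawed call pattern at build time.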