[devel] Fwd: wu-ftpd advisory

Peter Novodvorsky =?iso-8859-1?q?nidd_=CE=C1_debian=2Eorg?=
Пт Фев 16 07:34:49 MSK 2001


Привет!

> ------
> Vulnerability found on port ftp (21/tcp)
> 
> You are running a version of wu-ftpd which is older or
> as old as version 2.6.0.
> These versions do not sanitize the user input properly
> and allow an intruder to execute arbitrary code through
> the command SITE EXEC.
> 
> *** Note that Nessus could not log into this server
> *** so it could not determine whether the option SITE
> *** EXEC was activated or not, so this message may be
> *** a false positive
> 
> Solution : upgrade to wu-ftpd 2.6.1
> Risk factor : High
> CVE : CVE-2000-0573
> ------
Блин, достали!


					NIDD
-- 
/----------------------------------------------------------------------\
The Debian Project. Debian booth на Linux Expo Road Show coordinator.
Visit http://people.debian.org/~nidd/LERS-TODO.html if you're intrested.
------------------------------------------------------------------------

Real men don't take backups.
They put their source on a public FTP-server and let the world mirror it.
                                        -- Linus Torvalds

----------- следующая часть -----------
Было удалено вложение не в текстовом формате...
Имя     : =?iso-8859-1?q?=CF=D4=D3=D5=D4=D3=D4=D7=D5=C5=D4?=
Тип     : application/pgp-signature
Размер  : 240 байтов
Описание: =?iso-8859-1?q?=CF=D4=D3=D5=D4=D3=D4=D7=D5=C5=D4?=
Url     : <http://lists.altlinux.org/pipermail/devel/attachments/20010216/b608d188/attachment-0001.bin>


Подробная информация о списке рассылки Devel