Slackware alert: wu-ftpd remote exploit patched

Posted by dave on Jun 28, 2000 1:18 AM EDT
Mailing list		Mail this story
Print this story

A remote exploit has been found in the FTP daemon, wu-ftpd. This can allow an attacker full access to your machine. 

A remote exploit has been found in the FTP daemon, wu-ftpd.  This can
allow an attacker full access to your machine.

The wu-ftpd daemon is part of the tcpip1.tgz package in the N series.  A
new tcpip1.tgz package is now available in the Slackware 7.1 tree.  We
have also provided a seperate patch package for users who have already
installed Slackware 7.1 and just want the new FTP daemon.

   =========================================
   wu-ftpd 2.6.0 AVAILABLE - (n6/tcpip1.tgz)
   =========================================

      The recent root exploit in wu-ftpd has been patched and the new
      tcpip1.tgz is in the Slackware 7.1 tree:

         ftp://ftp.slackware.com/pub/slackware/slackware-7.1/slakware/n6/

      A seperate wu-ftpd-only patch package is available in the patches/
      subdirectory:

         ftp://ftp.slackware.com/pub/slackware/slackware-7.1/patches/

      All users are strongly urged to upgrade to the patched wu-ftpd
      daemon.  You only need to download one package to get the new FTP
      daemon.

      Here are the md5sums and checksums for the packages:

         1660403894 62427 ./wu-ftpd-patch.tgz
         d42c1708634232f8bc6a396827959851  ./wu-ftpd-patch.tgz

         3287743865 1017793 ./n6/tcpip1.tgz
         7aff2b13086e881a6ee029d44a448f17  ./n6/tcpip1.tgz


      INSTALLATION INSTRUCTIONS FOR THE tcpip1.tgz PACKAGE:
      ----------------------------------------------------
      If you have downloaded the new tcpip1.tgz package, you should bring
      the system into runlevel 1 and run upgradepkg on it:

         # telinit 1
         # upgradepkg tcpip1.tgz
         # telinit 3


      INSTALLATION INSTRUCTIONS FOR THE wu-ftpd-patch.tgz PACKAGE:
      -----------------------------------------------------------
      If you have downloaded the wu-ftpd-patch.tgz package, you should
      bring the system into runlevel 1 and run installpkg on it:

         # telinit 1
         # installpkg wu-ftpd-patch.tgz
         # telinit 3


Remember, it's also a good idea to backup configuration files before
upgrading packages.

- Slackware Linux Security Team
  http://www.slackware.com

  Nav
» Read more about: Story Type: Security; Groups: Slackware

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.