Vulnerabilities exist in wu-ftpd, BeroFTPD and ProFTPdAug 29, 1999, 13:34 (1 Talkback[s])
(Other stories by Dave Whitinger)
WEBINAR: On-demand Event
Replace Oracle with the NoSQL Engagement Database: Why and how leading companies are making the switch REGISTER >
BUGTRAQ is alive with exploits and vendor announcements about these vulnerabilities.
Alex Yu (for wu-ftpd) wrote in a recent message that wu-ftpd-2.4.2-beta-18-vr4 through wu-ftpd-2.4.2-beta-18-vr15, wu-ftpd-2.4.2-vr16 and wu-ftpd-2.4.2-vr17, and wu-ftpd-2.5.0 are known to be vulnerable.
BeroFTPD, all present versions.
Additionally, an exploit has been posted for ProFTPD.
Vendor packages should be released soon. In the meantime, you may consider disabling your ftp daemon for now, by commenting out the line in /etc/inetd.conf, and restarting inetd with 'killall -HUP inetd'.
0 Talkback[s] (click to add your comment)