Vulnerabilities exist in wu-ftpd, BeroFTPD and ProFTPdAug 29, 1999, 13:34 (1 Talkback[s])
(Other stories by Dave Whitinger)
BUGTRAQ is alive with exploits and vendor announcements about these vulnerabilities.
Alex Yu (for wu-ftpd) wrote in a recent message that wu-ftpd-2.4.2-beta-18-vr4 through wu-ftpd-2.4.2-beta-18-vr15, wu-ftpd-2.4.2-vr16 and wu-ftpd-2.4.2-vr17, and wu-ftpd-2.5.0 are known to be vulnerable.
BeroFTPD, all present versions.
Additionally, an exploit has been posted for ProFTPD.
Vendor packages should be released soon. In the meantime, you may consider disabling your ftp daemon for now, by commenting out the line in /etc/inetd.conf, and restarting inetd with 'killall -HUP inetd'.
0 Talkback[s] (click to add your comment)