Bodo Bauer says:
Dear SuSE Linux user,
Netect Inc. informed the public on February, 9th 1999 about
remote buffer overflows in various FTP servers that could lead to
potential root compromise.
Affected are systems running the latest version of ProFTPD
(1.2.0pre1) or the latest version of Wuarchive ftpd
(2.4.2-academ[BETA-18]). wu-ftpd is installed and enabled by
default on SuSE Linux, if you are running inetd. One temporary
workaround against an anonymous attack is to disable any world
writable directories the user may have access to by making them
read only. If you do not need ftp services, you can safely disable
it in /etc/inetd.conf and restarting inetd.
More information about this issue can be found at the following
WWW-pages:
http://www.netect.com/news19.html
http://www.cert.org/advisories/CA-99-03-FTP-Buffer-Overflows.html
Security-updates of these packages can be found on our
ftp-Server and it’s mirrors (see http://www.suse.de/e/ftp.html for
a list of mirror sites):
for S.u.S.E. Linux 5.x (libc5):
ftp://ftp.suse.com/pub/suse_update/S.u.S.E.-5.3/n1/proftpd.rpm
ftp://ftp.suse.com/pub/suse_update/S.u.S.E.-5.3/n1/wuftpd.rpm
for SuSE Linux 6.0 (glibc2):
ftp://ftp.suse.com/pub/suse_update/SuSE-6.0/n1/proftpd.rpm
ftp://ftp.suse.com/pub/suse_update/SuSE-6.0/n1/wuftpd.rpm
-- Bodo Bauer S.u.S.E., Inc fon +1-510-835 7873 bb@suse.com 458 Santa Clara Avenue fax +1-510-835 7875 http://www.suse.com/~bb Oakland CA, 94610 USA http://www.suse.com