“This week, several other vendors released patches for the
wu-ftp vulnerability. If you’re not already familiar with this
problem, it exists in wu-ftpd’s handling of the SITE EXEC command.
The default configuration of wu-ftpd is vulnerable to remote users
gaining root access. Also, SuSE released a kernel update to fix the
capabilities problem in 2.2.x <
2.2.16.“
“In the news, the article “Securing Your Web Pages with Apache,”
provides helpful information for users who wish to implement
Apache’s access control methods. It covers authentication,
authorisation, IP restriction, labeling, inheritance, and other
methods. If you have any outstanding questions regarding Apache’s
security model, this may be just the article for you.”
“Our feature this week, “Simple Commands for Intrusion
Detection,” by Benjamin Thomas, explains how the use the Linux
commands: w, who finger, last, ps, and ifconfig as a first step
toward intrusion detection. Although this feature is targeted
toward security newbies, seasoned security gurus may find it
helpful.”