|[Home] [Credit Search] [Category Browser] [Staff Roll Call]||The LINUX.COM Article Archive|
|Originally Published: Saturday, 28 August 1999||Author: Rob Thomas|
|Published to: Headline News/Security||Page: 1/1 - [Std View]|
Vulnerabilities in wu-ftpd
Almost all current versions of wu-ftpd are vulnerable to a buffer overflow attack.
Malicious users may gain root privileges both locally and remotely. The following versions are known to be affected:
wu-ftpd-2.4.2-beta-18-vr4 through wu-ftpd-2.4.2-beta-18-vr15 wu-ftpd-2.4.2-vr16 and wu-ftpd-2.4.2-vr17 wu-ftpd-2.5.0
BeroFTPD, all present versions
The WU-FTPD Development Group recommends that all users upgrade to version 2.5.0 and apply a special security patch in the process. This will ensure that your system cannot be exploited. You may find a patch at The WU-FTPD FTP site.
NOTE: This is not the same vulnerability that was publicized last may with versions 2.4.2 beta [15-18].
Anyone with questions should visit the WU-FTPD site at http://www.wu-ftpd.org.