[ISN] Servers Left Vulnerable By Early Patch Release

From: InfoSec News (isnat_private)
Date: Thu Nov 29 2001 - 01:00:20 PST


    By Steven Bonisteel, Newsbytes
    28 Nov 2001, 4:51 PM CST

    A coordinated effort by multiple vendors to plug a security hole in
    software found on many Internet servers went off the rails this week
    when one of the vendors, open-source Linux bundler Red Hat, released
    information on its fix ahead of schedule.

    Red Hat's Mark Cox, senior director of engineering, told Newsbytes
    that his company has been apologizing to other vendors who were caught
    off guard by the early release of a patch for a file transfer protocol
    (FTP) server called Wu-Ftpd - a well-known workhorse behind many
    online software repositories and the file-transfer doorway to
    numerous Web sites.

    The problem with Red Hat's early release Tuesday, security experts
    said, was that a close examination of the source-code patch affords
    savvy hackers a roadmap to the FTP server's vulnerability, which
    happens to be one that could allow a malicious individual unfettered
    access to the Linux-based systems on which it usually runs.

    This archive was generated by hypermail 2b30 : Thu Nov 29 2001 - 13:14:11 PST