http://www.newsbytes.com/news/01/172504.html By Steven Bonisteel, Newsbytes RESEARCH TRIANGLE PARK, NORTH CAROLINA, U.S.A., 28 Nov 2001, 4:51 PM CST A coordinated effort by multiple vendors to plug a security hole in software found on many Internet servers went off the rails this week when one of the vendors, open- source Linux bundler Red Hat, released information on its fix ahead of schedule. Red Hat's Mark Cox, senior director of engineering, told Newsbytes that his company has been apologizing to other vendors who were caught off guard by the early release of a patch for a file transfer protocol (FTP) server called Wu-Ftpd - a well-known workhorse behind many online software repositories and the file- transfer doorway to numerous Web sites. The problem with Red Hat's early release Tuesday, security experts said, was that a close examination of the source-code patch affords savvy hackers a roadmap to the FTP server's vulnerability, which happens to be one that could allow a malicious individual unfettered access to the Linux-based systems on which it usually runs. [...] - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Thu Nov 29 2001 - 13:14:11 PST