On Wed, 24 Mar 1999 bakuat_private wrote: > if (strstr (buf, "Version wu-2.4.2-academ[BETA-18](1)")) No. Way to strict. You'll miss people who touched ftpcmd.y and recompiled: Version wu-2.4.2-academ[BETA-18](2) And you'll miss earlier versions which are vulnerable, say: Version wu-2.4.2-academ[BETA-12] And you'll miss derivatives which are vulnerable, like one of mine: Version wu-2.4.2-academ[BETA-18-VR6] > { > if (strstr (buf, "Mon Jan 18 19:19:31 EST 1999")) > printf ("%s is patched.\n", inet_ntoa (addr)); No. That's the date and time _you_ compiled the daemon. The target machine was probably compiled some other time. -- Gregory A Lundberg Senior Partner, VRnet Company 1441 Elmdale Drive lundberg+wuftpdat_private Kettering, OH 45409-1615 USA 1-800-809-2195
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:40:12 PDT