Re: WUftp scanner

From: Gregory A Lundberg (lundberg+wuftpdat_private)
Date: Thu Mar 25 1999 - 19:25:39 PST

Next message: Scott Stone: "Re: WUftp scanner"

Previous message: Roberto Grassi: "Re: FrontPage + Apache + FreeBSD"
Maybe in reply to: bakuat_private: "WUftp scanner"
Next in thread: Scott Stone: "Re: WUftp scanner"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 24 Mar 1999 bakuat_private wrote:

>   if (strstr (buf, "Version wu-2.4.2-academ[BETA-18](1)"))

No.  Way to strict.  You'll miss people who touched ftpcmd.y and
recompiled:
  Version wu-2.4.2-academ[BETA-18](2)
And you'll miss earlier versions which are vulnerable, say:
  Version wu-2.4.2-academ[BETA-12]
And you'll miss derivatives which are vulnerable, like one of mine:
  Version wu-2.4.2-academ[BETA-18-VR6]

>     {
>       if (strstr (buf, "Mon Jan 18 19:19:31 EST 1999"))
> 	printf ("%s is patched.\n", inet_ntoa (addr));

No.  That's the date and time _you_ compiled the daemon.  The target
machine was probably compiled some other time.

--

Gregory A Lundberg              Senior Partner, VRnet Company
1441 Elmdale Drive              lundberg+wuftpdat_private
Kettering, OH 45409-1615 USA    1-800-809-2195

Next message: Scott Stone: "Re: WUftp scanner"
Previous message: Roberto Grassi: "Re: FrontPage + Apache + FreeBSD"
Maybe in reply to: bakuat_private: "WUftp scanner"
Next in thread: Scott Stone: "Re: WUftp scanner"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:40:12 PDT