On Wed, Oct 20, 1999 at 03:16:51PM -0700, Richard Trott wrote:

> > WU-FTPD and BeroFTPD
> >
> > Vulnerability #1:
> >
> > Not vulnerable:
> > versions 2.4.2 and all betas and earlier versions
> > Vulnerable:
> > wu-ftpd-2.4.2-beta-18-vr4 through wu-ftpd-2.4.2-beta-18-vr15
> > wu-ftpd-2.4.2-vr16 and wu-ftpd-2.4.2-vr17
> > wu-ftpd-2.5.0
> > BeroFTPD, all versions
>
> CERT appears to have left out wu-ftpd-2.6.0 (although they included it in
> the lists for the other two vulnerabilities).
>
> Version 2.6.0 does *not* have the "MAPPING_CHDIR Buffer Overflow"
> vulnerability, at least if the ANNOUNCE-RELEASE file for that version is
> to be believed. It reads, in part:
>
> "Corrected an error in the MAPPING_CHDIR feature which could be used to
> gain root privileges on the server."
>
> Presumably, this refers to this vulnerability.

Mea culpa.

--
Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive lundbergat_private
Kettering, OH 45409-1615 USA 1-800-809-2195