CRIME wu-ftpd vulnerabilities

From: nick (sendai@private)
Date: Thu Nov 29 2001 - 12:21:24 PST

Next message: Goerling, Richard J. LT (TAD to CGIC Portland): "CRIME FW: NIPC ASSESSMENT 01-028"

Previous message: Goerling, Richard J. LT (TAD to CGIC Portland): "CRIME FW: NIPC Daily Report, 29 November 2001"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In case anyone out there does not yet know, DO NOT INSTALL THE DEFAULT FTP SERVER IN LINUX!  Wu-FTPd has been the IIS of the Linux world with no less 13 vulnerabilities in the last two years.  If you do use Wu-FTPd then turn off anonymous access.

The report mentioned that exploit is thought to be in underground community already, but I can verify that it is definitely out there and has been for at least 6 weeks.  This is a huge hole and WILL be exploited if you leave it open.

Next message: Goerling, Richard J. LT (TAD to CGIC Portland): "CRIME FW: NIPC ASSESSMENT 01-028"
Previous message: Goerling, Richard J. LT (TAD to CGIC Portland): "CRIME FW: NIPC Daily Report, 29 November 2001"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:35:55 PDT