CRIME wu-ftpd vulnerabilities

From: nick (sendai@private)
Date: Thu Nov 29 2001 - 12:21:24 PST

    In case anyone out there does not yet know, DO NOT INSTALL THE DEFAULT FTP SERVER IN LINUX!  Wu-FTPd has been the IIS of the Linux world with no less than 13 vulnerabilities in the last two years.  If you do use Wu-FTPd then turn off anonymous access.
    The report mentioned that the exploit is thought to be in the underground community already, but I can verify that it is definitely out there and has been for at least 6 weeks.  This is a huge hole and WILL be exploited if you leave it open.
