[Prev][Next][Index][Thread]
Slackware bashing (fwd)
Slack/RedHat fights are going on on other lists... this time about
security patches updates. WU-ftp has a huge security hole, if you guys
don't know, and it appears Slackware HAS beat Redhat to it this time,
though :-)
---------- Forwarded message ----------
Date: Wed, 8 Jan 1997 17:42:44 -0500 (EST)
From: Jon Lewis <jlewis@inorganic5.fdt.net>
To: linuxisp@friendly.jeffnet.org
Subject: Slackware bashing
Resent-Date: Wed, 8 Jan 1997 14:48:55 -0800
Resent-From: linuxisp@friendly.jeffnet.org
Looks like some of us have not used a recent slackware for so long we
don't know what we're talking about. I was just looking into my FTP
server (wondering where the disk space is going) and noticed that my
Slackware mirror brought in some new files a few nights ago...one of them
was this:
-----
Reports on the Bugtraq last have indicated that wu-ftpd contains a
security hole which can allow ftp users (including anonymous users) to
access files as root. The wu-ftpd.tgz package contains a replacement for
the /usr/sbin/wu.ftpd binary patched to fix the hole. To install it, use
the 'installpkg' utility as root:
installpkg wu-ftpd.tgz
You may wish to switch to runlevel 1 (telinit 1) before using installpkg
to ensure that no one is using your existing wu.ftpd.
-----------------------------------------------
MD5 sums:
484ea205d7b05d69bdd0be5af2013119 wu-ftpd-2.4-slacksrc.tar.gz
ea343c5ac8cded713cf541de068a30de wu-ftpd.tgz
-----
------------------------------------------------------------------
Jon Lewis <jlewis@fdt.net> | Unsolicited commercial e-mail will
Network Administrator | be proof-read for $199/hr.
________Finger jlewis@inorganic5.fdt.net for PGP public key_______