From: Peter Novodvorsky
To: devel@linux.iplabs.ru
Subject: [devel] Fwd: wu-ftpd advisory
Date: Fri, 16 Feb 2001 07:34:49 +0300
Message-ID: <20010216073449.C22039@www.logic.ru>

Hi!

> ------
> Vulnerability found on port ftp (21/tcp)
>
> You are running a version of wu-ftpd which is older or
> as old as version 2.6.0.
> These versions do not sanitize the user input properly
> and allow an intruder to execute arbitrary code through
> the command SITE EXEC.
>
> *** Note that Nessus could not log into this server
> *** so it could not determine whether the option SITE
> *** EXEC was activated or not, so this message may be
> *** a false positive
>
> Solution : upgrade to wu-ftpd 2.6.1
> Risk factor : High
> CVE : CVE-2000-0573
> ------

Damn, I'm fed up with these!

NIDD
-- 
/----------------------------------------------------------------------\
The Debian Project. Debian booth@Linux Expo Road Show coordinator.
Visit http://people.debian.org/~nidd/LERS-TODO.html if you're interested.
------------------------------------------------------------------------
Real men don't take backups.
They put their source on a public FTP-server and let the world mirror it.
                -- Linus Torvalds