[linux] Recommendation to reinstall wu-ftpd

Ing. Leopold Martinka martinka at spsslm.sk
Wed Dec 19 07:01:35 CET 2001


Greetings,
today I received this by e-mail from TechRepublic:

NEW VULNERABILITY IN WU-FTPD

A recently found vulnerability has been confirmed in the wu-ftpd FTP
daemon. This vulnerability is remotely exploitable and can be used to
execute arbitrary code on the vulnerable FTP server.

Because wu-ftpd is such a popular and widely used FTP server, not only
for Linux but for other UNIX-derivatives like BSD systems, the security
impact is quite high. The fact that most FTP servers in use these days
provide anonymous FTP access compounds the problem. This means that a user
doesn't even have to authenticate himself or herself on the server as a
real user in order to exploit this vulnerability.

The problem is due to the "file globbing" support in wu-ftpd. This
globbing allows clients to organize files for FTP actions, such as list and
download, based on patterns. A heap corruption problem in the wu-ftpd, in
its most innocent form, will simply cause the FTP server to die with a
segfault. Unfortunately, this same corruption problem can be exploited to
run programs on the server that the user should not be permitted to
execute.

Most vendors have released updates to fix this problem quickly.
Therefore, if you are running a version of wu-ftpd installed prior to
Nov. 27, 2001, you are vulnerable and need to obtain an update from your
vendor.

So I think it would be advisable to download the latest version of wu-ftpd
and reinstall it.
The latest version is 2.6.2. More information at http://www.wu-ftpd.org.
Leos.
=========================
Ing. Leopold Martinka
computer science teacher,
sysadmin, webmaster
SPS stavebna Lipt. Mikulas
http://www.spsslm.sk/martinka
=========================
"Per aspera ad astra."





