Re: wu-ftpd exploit and patch I got, debs too

To: Debian User <debian-user@lists.debian.org>
Subject: Re: wu-ftpd exploit and patch I got, debs too
From: Colin Watson <cjwatson@debian.org>
Date: Thu, 29 Nov 2001 03:14:01 -0600
Message-id: <[🔎] 20011129031401.A10452@debian.org>
Mail-followup-to: Colin Watson <cjwatson@debian.org>, Debian User <debian-user@lists.debian.org>
In-reply-to: <[🔎] 20011128215729.C2390@brie.com>; from brian@brie.com on Wed, Nov 28, 2001 at 09:57:29PM -0800
References: <[🔎] 20011128215729.C2390@brie.com>

On Wed, Nov 28, 2001 at 09:57:29PM -0800, Brian Lavender wrote:
> A friend of mine emailed me this glob.c patch for the recent wu-ftpd
> exploit.  I don't understand how the exploit works, but I am sure someone
> will tell me if this patch gaurds against it. The only other patch out
> there seems to be the Dead Rat src rpm, so I'll post what I found. I also
> used the patch build Debian packages, so if you are running Debian, you
> can use my Debian packages.  Use them at your own risk though.

A fix is in incoming (http://incoming.debian.org/) for both stable and
unstable. Take the appropriate one. As usual when downloading from
incoming, though, it's at your own risk, and you should verify that the
GPG signature on the .changes file was made by a key on the Debian
keyring.

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]

Reply to:

References:
- wu-ftpd exploit and patch I got, debs too
  - From: Brian Lavender <brian@brie.com>

Prev by Date: Re: Stil having mail problems
Next by Date: Re: openssh can't connect..
Previous by thread: wu-ftpd exploit and patch I got, debs too
Next by thread: Re: kmail setup
Index(es):
- Date
- Thread