
Date: Thu, 18 Feb 1999 10:11:17 -0800
From: Bodo Bauer <bb@suse.com>
To: suse-announce-e@suse.com
Subject: [S.u.S.E. Announce] FTP buffer overflows


Dear SuSE Linux user,

Netect Inc. informed the public on February 9th, 1999 about remote buffer
overflows in various FTP servers that could lead to root compromise.

Affected are systems running the latest version of ProFTPD (1.2.0pre1) or
the latest version of Wuarchive ftpd (2.4.2-academ[BETA-18]). wu-ftpd is
installed and enabled by default on SuSE Linux if you are running inetd.
One temporary workaround against an anonymous attack is to disable any
world-writable directories the user may have access to by making them
read-only. If you do not need FTP services, you can safely disable them in
/etc/inetd.conf and restart inetd.

More information about this issue can be found at the following WWW-pages:
http://www.netect.com/news19.html
http://www.cert.org/advisories/CA-99-03-FTP-Buffer-Overflows.html


Security updates of these packages can be found on our FTP server and its
mirrors (see http://www.suse.de/e/ftp.html for a list of mirror sites):

for S.u.S.E. Linux 5.x (libc5):

ftp://ftp.suse.com/pub/suse_update/S.u.S.E.-5.3/n1/proftpd.rpm
ftp://ftp.suse.com/pub/suse_update/S.u.S.E.-5.3/n1/wuftpd.rpm

for SuSE Linux 6.0 (glibc2):

ftp://ftp.suse.com/pub/suse_update/SuSE-6.0/n1/proftpd.rpm
ftp://ftp.suse.com/pub/suse_update/SuSE-6.0/n1/wuftpd.rpm

-- 
Bodo Bauer                S.u.S.E., Inc              fon +1-510-835 7873 
bb@suse.com               458 Santa Clara Avenue     fax +1-510-835 7875
http://www.suse.com/~bb   Oakland CA, 94610  USA     http://www.suse.com
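
The two temporary workarounds described in the advisory, as an added shell example that is not part of the original message or of SuSE's tooling. The function names, the scratch FTP tree and the inetd.conf lines are constructed for illustration; on a real system pass your own anonymous FTP root and the path to /etc/inetd.conf.

```shell
#!/bin/sh
# List directories under an FTP root that are world-writable (o+w).
world_writable_dirs() {
    find "$1" -type d -perm -0002 -print
}

# Make every world-writable directory under the root read-only.
# Prints each directory it changes so the change can be reverted later.
lock_writable_dirs() {
    world_writable_dirs "$1" | while IFS= read -r dir; do
        chmod a-w "$dir" && printf '%s\n' "$dir"
    done
}

# Exit 0 if the given inetd.conf has an active (uncommented) ftp service line.
ftp_enabled() {
    awk '$1 == "ftp" { found = 1 } END { exit !found }' "$1"
}

# Comment out active ftp lines, keeping a .bak copy of the original file.
# inetd must be restarted afterwards for the change to take effect.
disable_ftp() {
    cp -p "$1" "$1.bak" &&
    sed 's/^[[:space:]]*ftp[[:space:]]/#&/' "$1.bak" > "$1"
}

# Demo on constructed sample data in a scratch directory.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/ftp/pub" "$tmp/ftp/incoming"
    chmod 0755 "$tmp/ftp/pub"
    chmod 0777 "$tmp/ftp/incoming"
    printf '%s\n' '# constructed inetd.conf sample' \
        'ftp     stream tcp nowait root /usr/sbin/in.ftpd in.ftpd' \
        'telnet  stream tcp nowait root /usr/sbin/in.telnetd in.telnetd' \
        > "$tmp/inetd.conf"
    lock_writable_dirs "$tmp/ftp"
    ftp_enabled "$tmp/inetd.conf" && disable_ftp "$tmp/inetd.conf"
    cat "$tmp/inetd.conf"
    rm -rf "$tmp"
}
demo
```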