
Date: Thu, 21 Oct 1999 17:04:04 -0600 (MDT)
From: Dan Burcaw <dburcaw@terraplex.com>
To: lwn@lwn.net, news@macintouch.com, jdawg@penguinppc.org,
Subject: SECURITY: wu-ftpd 


The Yellow Dog Linux Security Team has released an update to the wu-ftpd
(Washington University FTP daemon) program.

Package: wu-ftpd 
Date: October 21, 1999 
Problem: 
Several new security vulnerabilities have been discovered in
wu-ftpd and derived ftp daemons. Remote and local intruders may be
able to exploit these vulnerabilities to execute arbitrary code as
the user running the ftpd daemon, usually root.  Remote and local
intruders who can connect to the FTP server can also cause the server to 
consume excessive amounts of memory, preventing normal system operation.
If intruders can create files on the system, they may be able to exploit
this vulnerability to execute arbitrary code as the user running the ftpd
daemon, usually root.

wu-ftpd is not the default FTP daemon shipped with Yellow Dog Linux but
since it is included in the "Extras", we're making this update available.
Terra Soft recommends that users who chose to run wu-ftpd apply this
upgrade as soon as possible. 

Urgency: HIGH
Solution: rpm -Uvh ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/champion-1.1/extras/RPMS/wu-ftpd-2.6.0-1a.ppc.rpm
                             
Be sure to restart inetd once you have upgraded your ftp server. You can
do this by executing the following as root: /etc/rc.d/init.d/inet restart 

For more information, see our Errata and Updates page at:
http://www.yellowdoglinux.com/resources/errata.shtml

Regards,
Yellow Dog Linux Security Team 
Terra Soft Solutions, Inc.  
security@yellowdoglinux.com