Date: Thu, 21 Oct 1999 17:04:04 -0600 (MDT)
From: Dan Burcaw <dburcaw@terraplex.com>
To: lwn@lwn.net, news@macintouch.com, jdawg@penguinppc.org,
Subject: SECURITY: wu-ftpd

The Yellow Dog Linux Security Team has released an update to the wu-ftpd
(Washington University FTP daemon) program.

Package: wu-ftpd
Date: October 21, 1999

Problem:

Several new security vulnerabilities have been discovered in wu-ftpd and
derived ftp daemons.

Remote and local intruders may be able to exploit these vulnerabilities to
execute arbitrary code as the user running the ftpd daemon, usually root.

Remote and local intruders who can connect to the FTP server can also cause
the server to consume excessive amounts of memory, preventing normal system
operation.

If intruders can create files on the system, they may be able to exploit this
vulnerability to execute arbitrary code as the user running the ftpd daemon,
usually root.

wu-ftpd is not the default FTP daemon shipped with Yellow Dog Linux but since
it is included in the "Extras", we're making this update available. Terra Soft
recommends that users who chose to run wu-ftpd apply this upgrade as soon as
possible.

Urgency: HIGH

Solution:

    rpm -Uvh ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/champion-1.1/extras/RPMS/wu-ftpd-2.6.0-1a.ppc.rpm

Be sure to restart inetd once you have upgraded your ftp server. You can do
this by executing the following as root:

    /etc/rc.d/init.d/inet restart

For more information, see our Errata and Updates page at:

    http://www.yellowdoglinux.com/resources/errata.shtml

Regards,
Yellow Dog Linux Security Team
Terra Soft Solutions, Inc.
security@yellowdoglinux.com