On Thu, Jan 18, 2001 at 03:58:54PM +0100, Leonard den Ottolander wrote:
> Hi Mike,
> > The reason that the article states that it can affect 7.0 is that 7.0
> > ships with wu-ftpd 2.6.0, and the earlier version of rpc.statd.
> Well, my RedHat 7.0 came with wu-ftpd-2.6.1-6 (this is not the respin). I
> guess for 7.0 only the rpc.statd is an issue.
Not according to some analysis I've seen on Incidents. The
worm specifically checks banners coming back from port 21 and has a
very specific script targeted for RedHat 7.0. Yes, I checked my copy
of the first edition RedHat 7.0 and can confirm that it contains
wu-ftpd-2.6.1-6. There is a big debate on right now as to whether
there is one version of this worm or two and whether the second one
is exploiting LPRng from 7.0 first edition. The captured specimens
certainly THINK they can infect RedHat 7.0 systems. Anyone with a
compromised 7.0 system who can confirm this?
> Bye,
>
> Leonard.
Mike
--
Michael H. Warfield | (770) 985-6132 | [EMAIL PROTECTED]
(The Mad Wizard) | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
