the problem with simply updating to the latest rpms is the switch from
inetd to xinetd and other misc config problems that the rpms will bring
out. granted i can upgrade a handful of packages, and maybe that's the
safest choice, but i'd still be interested in knowing if
wu-ftpd-2.6.0-2.5.x is vulnerable to the attack or not / if that patch is
the one that fixes 2.6.0.
-tcl.
On Thu, 18 Jan 2001, Michael H. Warfield wrote:
> On Thu, Jan 18, 2001 at 07:56:13PM -0500, tc lewis wrote:
>
> > does anyone know specifically what patch to 2.6.0 takes care of this
> > problem? i see a "wu-ftpd-2.6.0-security.patch" in the source rpms. is
> > that the one, or is it something else?
>
> > the reason i'm asking is because one of my machines runs redhat 5.2 yet.
> > i have wu-ftpd-2.6.0-2.5.x (from 5.2 updates) on there right now, which
> > appears to include the same "wu-ftpd-2.6.0-security.patch" file as
> > wu-ftpd-2.6.0-14.6x (from 6.2 updates) does, but not some of the others.
>
> 1) Update to the latest... Don't quible about this or that.
>
> 2) The worm is very anal about what it triggers on. It triggers
> on the date in the ftp banner. If you are anything OTHER than the release
> that is in 6.2 OOB or 7.0 First Edition OOB you are safe, not because you
> can not be exploited but because this worm doesn't know what to do with
> the date in that ftp banner. Small comfort. Next cut may include your
> date.
>
> LESSON: Doesn't MATTER! Get the latest or shut it down!
>
> > -tcl.
>
> Mike
> --
> Michael H. Warfield | (770) 985-6132 | [EMAIL PROTECTED]
> (The Mad Wizard) | (678) 463-0932 | http://www.wittsend.com/mhw/
> NIC whois: MHW9 | An optimist believes we live in the best of all
> PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
>
>
>
> _______________________________________________
> Redhat-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/redhat-list
>
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list