Re: [Cooker] wu-ftpd exploit/package upgrade
On Tue, 27 Jun 2000, Vincent Danen wrote: On Tue, Jun 27, 2000 at 01:25:11AM -0500, Jean-Michel Dault wrote: Can't we go with ProFTPD instead? Or even BSD FTPD. I don't particularly like wu. If you want, visit ftp.freezer-burn.org/pub/custom/proftpd and you will find Mandrake RPMs for ProFTPD. Works awesome. I've stopped using wu-ftpd ever since I built those RPMs. I suggest putting wu-ftpd in the contribs and putting ProFTPD in the main distro. I agree heartily. ProFTPD is *much* nicer... ever since I started using it, it has worked flawlessly and the configuration is much more versatile than wu-ftpd. I vote for this. =) -- [EMAIL PROTECTED], OpenPGP key available on www.keyserver.net Freezer Burn BBS: telnet://bbs.freezer-burn.org . ICQ: 54924721 Webmaster for the Linux Portal Site Freezer Burn: http://www.freezer-burn.org Current Linux uptime: 1 days 16 hrs and 10 mins. Another vote for proftpd from myself. It's much more robust, secure, the configuration file is great and just about anyone can work with it, and the options(directives) are endless. wu.ftpd is a dying beast, move on : ) -- Bryan Paxton "How should I know if it works? That's what beta testers are for. I only coded it." -- Linus Torvalds. Public key can be found at http://speedbros.org/Bryan_Paxton.asc
RE: [Cooker] wu-ftpd exploit/package upgrade
I stumbled across the Linux port of the BSD ftpd. He's got SRPMs up for download. http://www.eleves.ens.fr:8080/home/madore/programs/#prog_ftpd-BSD Haven't used it, although I'm about to try it out. Don Head [[EMAIL PROTECTED]] Linux Mentor [1 314 692-1942] Wave Technologies, Inc. [1 800 826-4640 x1942] [AIM - Don Wave][ICQ - 18804935][Yahoo - Don_Wave] -Original Message- From: Vincent Danen [mailto:[EMAIL PROTECTED]] Sent: Tuesday, June 27, 2000 11:09 AM To: Mandrake Cooker Mailing List Subject: Re: [Cooker] wu-ftpd exploit/package upgrade On Tue, Jun 27, 2000 at 01:25:11AM -0500, Jean-Michel Dault wrote: Can't we go with ProFTPD instead? Or even BSD FTPD. I don't particularly like wu. If you want, visit ftp.freezer-burn.org/pub/custom/proftpd and you will find Mandrake RPMs for ProFTPD. Works awesome. I've stopped using wu-ftpd ever since I built those RPMs. I suggest putting wu-ftpd in the contribs and putting ProFTPD in the main distro. I agree heartily. ProFTPD is *much* nicer... ever since I started using it, it has worked flawlessly and the configuration is much more versatile than wu-ftpd. I vote for this. =) -- [EMAIL PROTECTED], OpenPGP key available on www.keyserver.net Freezer Burn BBS: telnet://bbs.freezer-burn.org . ICQ: 54924721 Webmaster for the Linux Portal Site Freezer Burn: http://www.freezer-burn.org Current Linux uptime: 1 days 16 hrs and 10 mins.
Re: [Cooker] wu-ftpd exploit/package upgrade
On Wed, Jun 28, 2000 at 03:29:38PM -0500, Don Head wrote: I stumbled across the Linux port of the BSD ftpd. He's got SRPMs up for download. http://www.eleves.ens.fr:8080/home/madore/programs/#prog_ftpd-BSD Haven't used it, although I'm about to try it out. Let me know what you think of it, and if it's worth making a Mandrake RPM for. -- [EMAIL PROTECTED], OpenPGP key available on www.keyserver.net Freezer Burn BBS: telnet://bbs.freezer-burn.org . ICQ: 54924721 Webmaster for the Linux Portal Site Freezer Burn: http://www.freezer-burn.org Current Linux uptime: 4 days 17 hrs and 49 mins.
Re: [Cooker] wu-ftpd exploit/package upgrade
On Tue, Jun 27, 2000 at 01:25:11AM -0500, Jean-Michel Dault wrote: Can't we go with ProFTPD instead? Or even BSD FTPD. I don't particularly like wu. If you want, visit ftp.freezer-burn.org/pub/custom/proftpd and you will find Mandrake RPMs for ProFTPD. Works awesome. I've stopped using wu-ftpd ever since I built those RPMs. I suggest putting wu-ftpd in the contribs and putting ProFTPD in the main distro. I agree heartily. ProFTPD is *much* nicer... ever since I started using it, it has worked flawlessly and the configuration is much more versatile than wu-ftpd. I vote for this. =) -- [EMAIL PROTECTED], OpenPGP key available on www.keyserver.net Freezer Burn BBS: telnet://bbs.freezer-burn.org . ICQ: 54924721 Webmaster for the Linux Portal Site Freezer Burn: http://www.freezer-burn.org Current Linux uptime: 1 days 16 hrs and 10 mins.
[Cooker] wu-ftpd exploit/package upgrade
I just thought I'd see if there was an upgrade planned for wu-ftpd, following the recent exploit that's all over BugTraq. Most of the other distros have responded, including Red Hat, but I haven't heard anything yet from the Mandrake front. Don Head Linux Mentor Wave Technologies, Inc. [EMAIL PROTECTED]
Re: [Cooker] wu-ftpd exploit/package upgrade
Don Head [EMAIL PROTECTED] writes: I just thought I'd see if there was an upgrade planned for wu-ftpd, following the recent exploit that's all over BugTraq. Most of the other distros have responded, including Red Hat, but I haven't heard anything yet from the Mandrake front. it's only affect version = 2.5 and for 6.x we already an upgrade to 2.6 (and since 7.x we use 2.6) . -- MandrakeSoft Inchttp://www.mandrakesoft.com San-Francisco, CA USA --Chmouel
Re: [Cooker] wu-ftpd exploit/package upgrade
On 25 Jun 2000, Chmouel Boudjnah wrote: Don Head [EMAIL PROTECTED] writes: I just thought I'd see if there was an upgrade planned for wu-ftpd, following the recent exploit that's all over BugTraq. Most of the other distros have responded, including Red Hat, but I haven't heard anything yet from the Mandrake front. it's only affect version =3D 2.5 and for 6.x we already an upgrade to 2.6 (and since 7.x we use 2.6) . No! *** 2.6 is still affected! You should react as fast as possible. Different ways of bugfixes were sent on bugtraq. Excerpt of bugtraq exploit posting: On Fri, 23 Jun 2000, tf8 wrote: /* - wuftpd2600.c * VERY PRIVATE VERSION. DO NOT DISTRIBUTE. 15-10-1999 * * WUFTPD 2.6.0 REMOTE ROOT EXPLOIT * by tf8 * * *NOTE*: For ethical reasons, only an exploit for 2.6.0 will be * released (2.6.0 is the most popular version nowadays), and it * should suffice to proof this vulnerability concept. * * Site exec was never really *fixed* * * Greetz to portal (he is elite!#%$) and all #!security.is, glitch, DiGit, *\x90, venglin, xz, MYT and lamagra. * Also greetings go to the WU-FTPD development team for including this *bug in ALL their versions. * * Fuck to wuuru (he is an idiot) * * Account is not required, anonymous access is enough :) * * BTW, exploit is broken to avoid kids usage ;) * * VERY PRIVATE VERSION. DO NOT DISTRIBUTE. 15-10-1999 */ - Sending unsolicited commercial email to this address may be a violation of the Washington State Consumer Protection Act, chapter 19.86 RCW. Das Verschicken unverlangter kommerzieller email an diese Adresse ist verboten (LG Traunstein, 2 HK O 3755/97 vom 14.10.1997, CR 1998, 171f). (Frank Meurer, [EMAIL PROTECTED], PGP ID: 0x5E756DA8)
Re: [Cooker] wu-ftpd exploit/package upgrade
Frank Meurer [EMAIL PROTECTED] writes: I just thought I'd see if there was an upgrade planned for wu-ftpd, following the recent exploit that's all over BugTraq. Most of the other distros have responded, including Red Hat, but I haven't heard anything yet from the Mandrake front. it's only affect version =3D 2.5 and for 6.x we already an upgrade to 2.6 (and since 7.x we use 2.6) . No! *** 2.6 is still affected! You should react as fast as possible. yup right, we will do an upgrade soon. -- MandrakeSoft Inchttp://www.mandrakesoft.com San-Francisco, CA USA --Chmouel
