similar to: Warning regarding new kernel RPMs

--------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: remote root exploit (SITE EXEC) fixed Advisory ID: RHSA-2000:039-02 Issue date: 2000-06-23 Updated on: 2000-06-23 Product: Red Hat Linux Keywords: wu-ftpd, root exploit, site exec, buffer overrun Cross references: N/A

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ Caldera Systems, Inc. Security Advisory Subject: wu-ftpd vulnerability Advisory number: CSSA-2000-020.0 Issue date: 2000 June, 23 Cross reference: ______________________________________________________________________________ 1. Problem Description There is

--------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: Security problems in WU-FTPD Advisory ID: RHSA-1999:043-01 Issue date: 1999-10-21 Updated on: Keywords: wu-ftp security remote exploit Cross references: --------------------------------------------------------------------- 1. Topic: Various computer security groups have

--------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: screen defaults to not using Unix98 ptys Advisory ID: RHSA-1999:042-01 Issue date: 1999-10-20 Updated on: Keywords: Cross references: screen unix98 pty permissions --------------------------------------------------------------------- 1. Topic: Screen uses ptys with world

-----BEGIN PGP SIGNED MESSAGE----- - --------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: Security problems in WU-FTPD Advisory ID: RHSA-1999:043-01 Issue date: 1999-10-21 Updated on: Keywords: wu-ftp security remote exploit Cross references: - --------------------------------------------------------------------- 1. Topic:

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-99:03 Security Advisory FreeBSD, Inc. Topic: Three ftp daemons in ports vulnerable to attack. Category: ports Module: wu-ftpd and proftpd

Package: logcheck Version: 1.2.69 Severity: normal In the file /etc/logcheck/ignore.d.server/wu-ftpd ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wu-ftpd: PAM-listfile: Refused user [._[:alnum:]-]+ for service wu-ftpd$ should be ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wu-ftpd\[[0-9]{4}\]: PAM-listfile: Refused user [._[:alnum:]-]+ for service wu-ftpd$ There is a number after "wu-ftpd" -- System

After installing redhat4.1 I found that a few serious bug fixes announced in Jan 97 was not included in the distribution. First of them -- a SERIOUS SECURITY BUG in wu-ftpd allowing any user gain a root acces to files. Patch was posted in redhat-announce list and included in wu-ftpd-2.4.2b11-9. Second: a bug in wu-ftpd -- ftpd doesn''t perform any log for real user and ignores

---------- Forwarded message ---------- Date: Fri, 22 Oct 1999 20:30:27 -0700 (PDT) From: David Cantrell <david@slackware.com> To: slackware-security@slackware.com Subject: CA-99-13: wu-ftpd upgrade available ATTENTION: All users of Slackware 4.0 and Slackware-current REGARDING: CERT Advisory CA-99-13 Multiple Vulnerabilities in WU-FTPD The recent CERT advisory reporting multiple

-----BEGIN PGP SIGNED MESSAGE----- ##### ## ## ###### ## ### ## ## ##### ## # ## ## ## ## ### ## ##### . ## ## . ###### . Secure Networks Inc. Security Advisory

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ Caldera Systems, Inc. Security Advisory Subject: local ROOT exploit in BRU Advisory number: CSSA-2000-018.0 Issue date: 2000 June, 14 Cross reference: ______________________________________________________________________________ 1. Problem Description

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-99:03 Security Advisory FreeBSD, Inc. Topic: Two ftp daemons in ports vulnerable to attack. Category: ports Module: wu-ftpd and proftpd

Package: logcheck-database Version: 1.2.61 Severity: wishlist File: /etc/logcheck/ignore.d.server/proftpd Two weeks ago, I got a rush of these: Sep 8 12:37:07 goretex proftpd: PAM-listfile: Refused user news for service proftpd (Apparently, fail2ban managed to miss those.) This is triggered by pam_listfile, which is used by proftpd (and other FTP daemons) to block users listed in

On Fri, 7 May 1999 jlewis@lewis.org wrote: > # ldd ./ls > /lib/libNoVersion.so.1 => /lib/libNoVersion.so.1 (0x40014000) > libc.so.6 => /lib/libc.so.6 (0x4001c000) > /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000) > > I''ve never heard of libNoVersion. All the /home/ftp/bin stuff in 6.0 uses > it...but it doesn''t exist.

On Mon, 22 Nov 1999, Philip Brown wrote: > [ Marc G. Fournier writes ] > > debug("PAM_retval(open_session) about to run"); > > pam_retval = pam_open_session((pam_handle_t *)pamh, 0); > > > > > =========================================== > > > > so, its looking like I'm authenticated properly, but when trying to set up > > the

Hi! I'm kind new to linux, I just got my server with CentOS 3.1 installed I'm trying to install a ftp server to upload files, but the wu-ftpd 2.6.2 doesn't work with autoconfigure nor with ./build lnx ./build install got error missing bin/ftpd can you tell me step by step howto install o should I user another ftp server... thanks for your help Fernando

<FONT face="Default Sans Serif, Verdana, Arial, Helvetica, sans-serif" size=2><DIV>I''m getting requests in increasing regularity for secure file transfers.&nbsp; We''ve been a happy wu-ftpd user for a couple of years, and although wu-ftpd offers a rock solid ftp server, it doesn''t appear to have hooks for secure/encrypted transfers.&nbsp;

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ Caldera Systems, Inc. Security Advisory Subject: DoS on gpm Advisory number: CSSA-2000-024.0 Issue date: 2000 July, 6 Cross reference: ______________________________________________________________________________ 1. Problem Description There are security

Hello. I'm administrating a CentOS 3.8 linux system (RHEL3) and I just replaced the imap-2002d-12 package that came with the system, with a dovecot 1.01 package I obtained through the dovecot home page. The problem I have, is that many of my POP3 users have jailed user accounts set up through wu-ftpd, where the dir field is of the form /home/group/./pop/user, and wu-ftpd chroots them from

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ________________________________________________________________________ Linux-Mandrake Security Update Advisory ________________________________________________________________________ Package name: Zope Date: July 28th, 2000 Advisory ID: MDKSA-2000:026 Affected versions: 7.1