Subject: Re: wu-ftpd has a security hole
To: Steve Bellovin <smb@research.att.com>
From: Lubomir Sedlacik <salo@Xtrmntr.org>
List: netbsd-users
Date: 11/30/2001 01:06:43

hi,

On Thu, Nov 29, 2001 at 02:28:27PM -0500, Steve Bellovin wrote:
> There's been a fair amount of discussion on bugtraq about a security
> hole in wu-ftpd.  It's not part of NetBSD, but it is in the package
> collection and it's pretty popular...

the interesting point is that this bug is quite old.. see:

 http://www.securityfocus.com/archive/82/180823

 To: Vuln-Dev
 Subject: some ftpd implementations mishandle CWD ~{
 Date: Apr 30 2001 9:00PM
 Author: Matt Power <mhpower@bos.bindview.com>

anyway, i wonder who can still use wu-ftpd after all those remote exploitable
root bugs they had introduced.

regards,

-- 
-- Lubomir Sedlacik <salo@Xtrmntr.org>   ASCII Ribbon campaign against  /"\ --
--                  <salo@silcnet.org>   e-mail in gratuitous HTML and  \ / --
--                                       Microsoft proprietary formats   X  --
-- PGPkey: http://Xtrmntr.org/salo.pgp                                  / \ --
-- Key Fingerprint: DBEC 8BEC 9A90 ECEC 0FEF  716E 59CE B70B 7E3B 70E2      --
