netbsd-users: Re: wu-ftpd has a security hole

Subject: Re: wu-ftpd has a security hole
To: Steve Bellovin <smb@research.att.com>
From: David Brownlee <abs@netbsd.org>
List: netbsd-users
Date: 11/30/2001 12:33:39

	wu-ftpd-2.6.1nb1 committed to pkgsrc - contains the globfix,
	and verified to remove the vulnerability on a RedHat 5.0 system
	(All of my NetBSD boxes run the NetBSD ftpd)

-- 
		David/absolute		-- www.netbsd.org: No hype required --



On Thu, 29 Nov 2001, David Brownlee wrote:

> 	wu have patches available - if noone else gets to it I'll try to
> 	have a look tomorrow (I have a redhat 5 box that runs pkgsrc
> 	that needs updated :)
>
> On Thu, 29 Nov 2001, Steve Bellovin wrote:
>
> > There's been a fair amount of discussion on bugtraq about a security
> > hole in wu-ftpd.  It's not part of NetBSD, but it is in the package
> > collection and it's pretty popular...
> >
> > 		--Steve Bellovin, http://www.research.att.com/~smb
> > 		Full text of "Firewalls" book now at http://www.wilyhacker.com
> >
> >
> >
>
>