linuxtoday cracked
Lincoln Peters
lincoln_peters at hotmail.com
Thu Nov 29 20:16:29 PST 2001
On Tuesday at about 6:30pm, I received a Red Hat Network alert about an
overflowable buffer in wu-ftpd, and an available patch. If linuxtoday was
using wu-ftpd, they could have been attacked using that vulnerability. (but
what would they use FTP for?)
I have a cron job on my home computer (RedHat 7.2) to download RHN updates
every Sunday at midnight, but if I were running linuxtoday or any other such
service, I'd be inclined to set up a similar cron job to run _every day_. I
don't know much about other distributions, but I think that Debian's apt-get
can also do this.
By the way, Cyrus SASL also has a vulnerability that I heard about in
another RHN alert at 2:00pm this afternoon.
>From: troy <fryman at sonic.net>
>Reply-To: <talk at nblug.org>
>To: talk at nblug.org
>Subject: linuxtoday cracked
>Date: Thu, 29 Nov 2001 18:51:34 -0800
>
>So, yesterday about 16:30 PST, i saw this:
>
>http://www.sonic.net/~fryman/linuxtoday_com.html
>
>as linuxtoday's front page. It's back to normal today and i'm kinda
>surprised not to see any news of the compromise. Has anyone heard
>anything?
>Think it was a Wu-ftpd exploit?
>
>-t
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
More information about the talk
mailing list