Bug 58454 - Bad: security hole in version 2.6.1-16
Bad: security hole in version 2.6.1-16
Status: CLOSED ERRATA
Product: Red Hat Linux
Classification: Retired
Component: wu-ftpd (Show other bugs)
7.1
i686 Linux
high Severity medium
: ---
: ---
Assigned To: Bernhard Rosenkraenzer
David Lawrence
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2002-01-16 20:28 EST by Need Real Name
Modified: 2007-03-26 23:50 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2002-01-16 20:28:35 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Need Real Name 2002-01-16 20:28:31 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.2.1) Gecko/20010901

Description of problem:
My server (www.sjsocial.org) was hacked by someone who I am pretty sure entred
via wu-ftpd. I don't know how. I had the recommended version installed. 

Version-Release number of selected component (if applicable):


How reproducible:
Didn't try


Additional info:

I can't really offer much more information. When I discovered the hack I had to
reinsure the machine's integrity since the hacker changed basic binaries like
'ls' and created many entried in '/dev' so I have reformatted the disc in order
not to be off the air too long.
The source machine for the hack was in Germany, its ip started with:
141.35.
Comment 1 Bernhard Rosenkraenzer 2002-01-17 06:45:40 EST
Please update to 2.6.1-20.
Comment 2 Need Real Name 2002-01-17 11:50:24 EST
Unfortunately, the update provided on the errata pages, to close security holes
is version 2.6.1-16 implying that it is secure when obviously it isn't. The
errata pages should be updated to version 2.6.1-20, shouldn't they?

Note You need to log in before you can comment on or make changes to this bug.