From owner-freebsd-security  Sat Nov 25  4:47:24 2000
Delivered-To: freebsd-security@freebsd.org
Received: from fw.wintelcom.net (ns1.wintelcom.net [209.1.153.20])
	by hub.freebsd.org (Postfix) with ESMTP id E29A037B4CF
	for <freebsd-security@FreeBSD.ORG>; Sat, 25 Nov 2000 04:47:22 -0800 (PST)
Received: (from bright@localhost)
	by fw.wintelcom.net (8.10.0/8.10.0) id eAPClJ320955;
	Sat, 25 Nov 2000 04:47:19 -0800 (PST)
Date: Sat, 25 Nov 2000 04:47:19 -0800
From: Alfred Perlstein <bright@wintelcom.net>
To: Spades <spades@galaxynet.org>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: wuftp
Message-ID: <20001125044719.J8051@fw.wintelcom.net>
References: <3.0.32.20001125204508.01752dd0@smtp.magix.com.sg>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <3.0.32.20001125204508.01752dd0@smtp.magix.com.sg>; from spades@galaxynet.org on Sat, Nov 25, 2000 at 08:45:08PM +0800
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

* Spades <spades@galaxynet.org> [001125 04:44] wrote:
> I run FreeBSD 4.1.1-release, is it vulnerable to the wuftp exploit?
> 
> I think someone tried to overflow my office server with mass anonymous
> login.
> 
> Any idea or comments?

Upgrade to the lastest version of wu-ftpd.  They probably tried
some linux/solaris version of the script to exploit.

-- 
-Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org]
"I have the heart of a child; I keep it in a jar on my desk."


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message