|
DESCRIPTION A remotely-exploitable vulnerability has been found in the "wu-ftpd" package. Specifically the command "SITE EXEC" is can overflow its buffer leading to compromise. The "wu-ftpd" package provides FTP server functionality and is enabled by default on the Developer and OfficeServer products. SOLUTION Download the following RPM packages to the NetWinder into a temporary
directory, then install them with the command "rpm -Uvh *.rpm". Be sure
there are no other files ending in ".rpm" in the temporary directory. See
http://www.netwinder.org/security/install.html for more help. Required packages http://www.netwinder.org/updates/3.1-15/armv4l/wu-ftpd-2.6.0-14.6x.armv4l.rpm REFERENCES Reported on Red Hat's bugtraq on June 23, 2000. |