Return-Path: <sentto-279987-3978-1007080599-fc=all.net@returns.groups.yahoo.com> Delivered-To: fc@all.net Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Thu, 29 Nov 2001 16:40:08 -0800 (PST) Received: (qmail 6537 invoked by uid 510); 30 Nov 2001 00:37:08 -0000 Received: from n7.groups.yahoo.com (216.115.96.57) by all.net with SMTP; 30 Nov 2001 00:37:08 -0000 X-eGroups-Return: sentto-279987-3978-1007080599-fc=all.net@returns.groups.yahoo.com Received: from [10.1.4.53] by n7.groups.yahoo.com with NNFMP; 30 Nov 2001 00:36:43 -0000 X-Sender: fc@red.all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-8_0_0_1); 30 Nov 2001 00:36:39 -0000 Received: (qmail 75534 invoked from network); 30 Nov 2001 00:36:37 -0000 Received: from unknown (216.115.97.171) by m9.grp.snv.yahoo.com with QMQP; 30 Nov 2001 00:36:37 -0000 Received: from unknown (HELO red.all.net) (65.0.156.78) by mta3.grp.snv.yahoo.com with SMTP; 30 Nov 2001 00:36:38 -0000 Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id fAU0cYi14541 for iwar@onelist.com; Thu, 29 Nov 2001 16:38:34 -0800 Message-Id: <200111300038.fAU0cYi14541@red.all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL3] From: Fred Cohen <fc@all.net> X-Yahoo-Profile: fcallnet Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Thu, 29 Nov 2001 16:38:34 -0800 (PST) Reply-To: iwar@yahoogroups.com Subject: [iwar] [fc:NIPC.advisory.on.wu-ftp.vulnerability.] Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit NIPC ADVISORY 01-027: "Significant Vulnerability Identified In Common Linux File Transport Protocol Program Identified" NIPC, 11/28/2001 <a href="http://www.nipc.gov/warnings/advisories/2001/01-027.htm">http://www.nipc.gov/warnings/advisories/2001/01-027.htm> Summary: The National Infrastructure Protection Center (NIPC) has learned about a vulnerability in versions of the Washington University File Transport Protocol Daemon (WU-FTPD) that could lead to an attacker gaining surreptitious access to sensitive information. For those systems using the WU-FTPD service for which a patch is not yet available, it is suggested that you either disable FTP by blocking TCP port 21 or, in those instances where this is not an option, disable anonymous logon. Problem: The original problem was discovered by Bindview more than 6 months ago, but not believed to be exploitable at that time. Since that time, Core Security Technologies has proven that the vulnerability is exploitable. Additionally, it is believed that an exploit, leveraging this vulnerability for Linux systems, is already circulating in the hacker community. In order for an attacker to be able to exploit this vulnerability, the WU-FTPD service must either allow anonymous access or the attacker must gain valid credentials to use the service. Anonymous access is often enabled by default on some systems. Additional technical information, including a list of affected versions can be found at the following website: <a href="http://aris.securityfocus.com/alerts/wuftpd/">http://aris.securityfocus.com/alerts/wuftpd/> Mitigation: The WU-FTPD development team has been notified of the problem and is working on a patch to correct the problem. Until a patch is released, users can mitigate the potential impact of this by disabling FTP, which normally runs on TCP port 21. Also, it is suggested, for those sites that require FTP to be enabled, that they restrict anonymous access, which is basically a guest account that is often available without any additional authentication. Recipients of this advisory are encouraged to report computer intrusions to their local FBI office (http://www.fbi.gov/contact/fo/fo.htm) or the NIPC, and to the other appropriate authorities. Incidents may be reported online at http://www.nipc.gov/incident/cirr.htm. The NIPC Watch and Warning Unit can be reached at (202) 323-3204/3205/3206 or nipc.watch@fbi.gov. ------------------------ Yahoo! Groups Sponsor ---------------------~--> Universal Inkjet Refill Kit $29.95 Refill any ink cartridge for less! Includes black and color ink. http://us.click.yahoo.com/f00vhB/MkNDAA/ySSFAA/kgFolB/TM ---------------------------------------------------------------------~-> ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:59 PST