Washington University Information for VU#29823

Home | FAQ | Contact | Privacy Policy

Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information

View Notes By

Other Documents

Washington University Information for VU#29823

Date Notified:
Date Updated:
Statement Date:
Status Summary:	Vulnerable

Vendor Statement

The WU-FTPD Development Group's primary distribution site is mirrored world-wide. A list of mirrors is available from:

http://www.wu-ftpd.org/mirrors.txt

If possible, please use a mirror to obtain patches or the latest version.

Upgrade your version of wu-ftpd
The latest release of wu-ftpd, version 2.6.1, has been released to address these and several other security issues:

ftp://ftp.wu-ftpd.org/pub/wu-ftpd/wu-ftpd-2.6.1.tar.gz

ftp://ftp.wu-ftpd.org/pub/wu-ftpd/wu-ftpd-2.6.1.tar.gz.asc

ftp://ftp.wu-ftpd.org/pub/wu-ftpd/wu-ftpd-2.6.1.tar.Z

ftp://ftp.wu-ftpd.org/pub/wu-ftpd/wu-ftpd-2.6.1.tar.Z.asc

Apply a patch
The wu-ftpd developers have published the following patch for wu-ftpd 2.6.0:

ftp://ftp.wu-ftpd.org/pub/ wu-ftpd/patches/apply_to_2.6.0/lreply-buffer-overflow.patch

ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.0/lreply-buffer-overflow.patch.asc

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Produced 2009 by US-CERT, a government organization
Disclaimers and copyright information