===============================================================================
Security Advisory                                                       CERT-NL
===============================================================================
Author/Source : Gert Meijerink
Index         : S-95-21
Distribution  : World
Page          : 1
Classification: External
Version       : 1
Subject       : wu-ftpd Misconfiguration Vulnerability
Date          : 01-dec-95
===============================================================================

By courtesy of CERT Coordination Center we received the following information.

A vulnerability exists with certain configurations of the SITE EXEC command in
the Washington University ftpd, also known as wu-ftpd. Exploitation of this
vulnerability may allow root access from any account on the system.

The vulnerable configuration is known to exist in numerous Linux distributions
and is currently being actively exploited by intruders.

It should be noted that this vulnerability is not necessarily limited to Linux
but may exist on any wu-ftpd installation. Thus, all users of the wu-ftpd
program, not just the Linux users, should take this opportunity to verify the
configuration of their daemons.

Note that versions of wu-ftpd before the 2.4 release contain serious security
vulnerabilities and should be updated immediately.

CERT Coordination Center has released Security Advisory CA-95:16 to tackle
this problem. This information is mirrored on the SURFnet infoserver:

ftp://ftp.surfnet.nl/surfnet/net-security/cert-cc-mirror/cert_advisories/CA-95:16.wu-ftpd.vul
ftp://ftp.surfnet.nl/surfnet/net-security/cert-cc-mirror/cert_advisories/CA-95:16.README

You are encouraged to check the README files regularly for updates on
advisories that relate to your site. Use the SURFnet notifier to be assured of
timely updates of these files!

==============================================================================
CERT-NL is the Computer Emergency Response Team for SURFnet customers. SURFnet
is the Dutch network for educational, research and related institutes. CERT-NL
is a member of the Forum of Incident Response and Security Teams (FIRST).

All CERT-NL material is available under:
http://www.surfnet.nl/surfnet/security/cert-nl.html
ftp://ftp.surfnet.nl/surfnet/net-security

In case of computer or network security problems please contact your local
CERT/security-team or CERT-NL (if your institute is NOT a SURFnet customer
please address the appropriate (local) CERT/security-team).

CERT-NL is one/two hour(s) ahead of UTC (GMT) in winter/summer,
i.e. UTC+0100 in winter and UTC+0200 in summer (DST).

Email:     cert-nl@surfnet.nl
Phone:     +31 302 305 305
Fax:       +31 302 305 329
Snailmail: SURFnet bv
           Attn. CERT-NL
           P.O. Box 19035
           NL - 3501 DA UTRECHT
           The Netherlands

A 7 * 24 hours phone number is available to SURFnet SSC's and FIRST members
on request.
==============================================================================