Jeff, this is true, however if there was an
exploitable buffer overrunn code similar to
wuftpd versions it would not effect the Raqs
anyway since they come with stack execution
disabled, which protects it from exploit code
overruns/overflows, thus eliminating the need
to scramble to patch the Raqs.
WRONG!!! I personally can vouch that this *IS* a
threat to RaQ's (3&4) because we just had a local user
try and use it against us just yesterday... They
didn't succeed in hacking into the box (as far as we
can tell), but they DID manage to bring it down... All
our RaQ's are fully patched and up to date (and then
some).. But afterwards, we found our logs FULL of
buffer overruns and kernel calls (traces) and all
kinds of other fun stuff from their attempt...
Eventually the system had so many open files it just
started rejecting everything and eventually crashed.
Make no mistake - THIS IS A VALID THREAT TO RAQ'S and
needs plugged ASAP!! We have since disabled FTP on all
our systems until a patch is released. Let's not be
fooled with a false sense of security regarding this
one..
__________________________________________________
Do You Yahoo!?
Check out Yahoo! Shopping and Yahoo! A
uctions for all of
your unique holiday gifts! Buy at http://shopping.yahoo.com
or bid at http://auctions.yahoo.com
_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security