By Pia Heikkila, 30 November 2001 11:10
NEWS US security research lab Cert has discovered a serious vulnerability affecting Linux software. A hole in file transfer software WU-FTPD could be exploited by a hacker to gain access to the root server and force a way into the computer system. Cert's labs found two possible vulnerabilities on WU-FTPD's inability to handle certain commands, affecting both Linux and Unix systems. Describing the potential scenario, Cert said: "This vulnerability is potentially exploitable by any user who is able to log in to a vulnerable server, including users with anonymous access. "If the exploit is successful, an attacker may be able to execute arbitrary code with the privileges of WU-FTPD, typically root." All Linux vendors, including Red Hat, Mandrake and Suse have issued a patch which can be found on their respective websites.
In order to post a comment you need to be registered and logged in.
Log in or create your silicon.com account below