Upgraded WU-FTPD packages are available for Slackware 9.0 and
In addition, a MAIL_ADMIN which has been found to be insecure has
been disabled.
We do not recommend deploying WU-FTPD in situations where security
is required.
Here are the details from the Slackware 9.0 ChangeLog:
Tue Sep 23 14:43:10 PDT 2003
pasture/dontuse/wu-ftpd/wu-ftpd-2.6.2-i486-3.tgz: Fixed a security problem in
/etc/ftpconversions (CVE-1999-0997). There’s also another hole in wu-ftpd
which may be triggered if the MAIL_ADMIN feature (notifies the admin of
anonymous uploads) is used, so MAIL_ADMIN has been disabled in this build.
Also note that we’ve moved this from /pasture to /pasture/dontuse, which
should tell you something.
(* Security fix *)
WHERE TO FIND THE NEW PACKAGES:
Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/pasture/dontuse/wu-ftpd/wu-ftpd-2.6.2-i386-3.tgz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/pasture/dontuse/wu-ftpd/wu-ftpd-2.6.2-i486-3.tgz
MD5 SIGNATURES:
Slackware 9.0 package:
2585e5eb265708d0f74b7f00325aaf9f wu-ftpd-2.6.2-i386-3.tgz
Slackware -current package:
fa6d5af10336187de5b84e5bb6b11a39 wu-ftpd-2.6.2-i486-3.tgz
INSTALLATION INSTRUCTIONS:
Upgrade using upgradepkg (as root):
> upgradepkg wu-ftpd-2.6.2-i386-3.tgz