CERT information is misleading. Even if you do not have the trojan wu-ftpd version, versions before 2.2 are insecure and have a major security hole. You would think that CERT would have at least mentioned that even if your src for ftpd was not trojaned, please get the 2.3 version. I am not sure what the point is of not releasing that information.

EMPHASIS: Get wu-ftpd2.3! Even if your src was not trojaned.

Anyways, Graham Toal has pointed this out. To fix the security hole in versions previous to 2.3:

1. Remove "site exec" from commands.
2. Stop anonymous uploading by adding "chmod no anonymous" and "umask no anonymous" to the ftpaccess file.
3. Remove the ftp-exec subdirectory in ~ftp/bin.
4. Obtain and install wu-ftpd 2.3.

Below is the information for the trojaned version. But even if you do not have the trojaned version, you will need to install wu-ftpd2.3.

Here is some information that may help you know if you have a trojan version. You can grep \"NULL\" in *.c, for that will let you know if you have the trojan. The password checking routine in ftpd.c should probably not differ from the following:

#ifdef ULTRIX_AUTH
        if ((numfails = ultrix_check_pass(passwd, xpasswd)) < 0) {
#else
        /* The strcmp does not catch null passwords! */
        if (pw == NULL || *pw->pw_passwd == '\0' ||
            strcmp(xpasswd, pw->pw_passwd)) {
#endif
            reply(530, "Login incorrect.");

--
Christopher William Klaus
Email: cklaus@shadow.net
Author: Inet Sec. Scanner
2209 Summit Place Drive, Dunwoody, GA 30350-2430. (404)998-5871.
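
The checks from the message above collected into one audit script, as an added example that is not part of the original message. The function names and the sample tree are constructed assumptions, and accepting a comma-separated class list in ftpaccess goes slightly beyond the exact lines given in step 2.

```shell
#!/bin/sh
# Added example; function names and sample files are illustrative assumptions.

# List lines in *.c files under $1 containing the quoted literal "NULL",
# the indicator the message says to grep for. A bare NULL pointer constant
# (as in `pw == NULL`) does not match.
trojan_hits() {
    find "$1" -type f -name '*.c' -exec grep -n '"NULL"' /dev/null {} \;
}

# True if ftpaccess file $1 has "<$2> no ..." covering the anonymous class
# (step 2). Leading whitespace and comma-separated class lists are accepted.
has_directive() {
    grep -Eq "^[[:space:]]*$2[[:space:]]+no[[:space:]]+([^[:space:]]*,)?anonymous(,|[[:space:]]|\$)" "$1"
}

# audit SRC_DIR FTPACCESS FTP_HOME: print findings, return the problem count.
audit() {
    problems=0
    if [ -n "$(trojan_hits "$1")" ]; then
        echo "source: quoted \"NULL\" literal present, inspect these lines:"
        trojan_hits "$1"
        problems=$((problems + 1))
    fi
    for kw in chmod umask; do
        if ! has_directive "$2" "$kw"; then
            echo "ftpaccess: missing '$kw no anonymous'"
            problems=$((problems + 1))
        fi
    done
    if [ -d "$3/bin/ftp-exec" ]; then
        echo "ftp home: $3/bin/ftp-exec still exists (step 3)"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample tree so the script runs offline.
make_sample() {
    mkdir -p "$1/src" "$1/ftp/bin/ftp-exec"
    printf '%s\n' 'if (pw == NULL || *pw->pw_passwd == 0) {' > "$1/src/clean.c"
    printf '%s\n' 'char *marker = "NULL"; /* constructed */' > "$1/src/ftpd.c"
    printf '%s\n' '# constructed ftpaccess' 'chmod no anonymous' > "$1/ftpaccess"
}

tmp=$(mktemp -d) && make_sample "$tmp"
audit "$tmp/src" "$tmp/ftpaccess" "$tmp/ftp" || echo "problems found: $?"
rm -rf "$tmp"
```

A hit from trojan_hits is only a pointer to lines worth reading against the password check quoted in the message; a clean audit does not replace step 4.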