Bugtraq mailing list archives
SECURITY FIX/UPDATE: anonftp
From: sopwith () redhat com (Elliot Lee)
Date: Mon, 19 Aug 1996 18:57:03 -0400
-----BEGIN PGP SIGNED MESSAGE-----

There is a security hole in the anonftp package included with all versions of Red Hat Linux that allows an anonymous FTP user to execute arbitrary commands in the chroot FTP environment. Due to some options in GNU tar that are enabled by default, any program that exists on (or can be uploaded to) an FTP server can be run. Severity is limited due to the chroot environment, but the problem still needs to be addressed.

Updates are available on ftp.redhat.com now. If you are using a version prior to 3.0.3, an upgrade is recommended to solve other security holes.

If you are using 3.0.3 on the Intel, get
ftp://ftp.redhat.com/pub/redhat/redhat-3.0.3/i386/updates/RPMS/anonftp-2.0-2.i386.rpm
and install it using 'rpm -Uvh [filename]'

If you are using 3.0.3 on the Alpha, get
ftp://ftp.redhat.com/pub/redhat/redhat-3.0.3/axp/updates/RPMS/anonftp-2.0-2.axp.rpm
and install it using 'rpm -Uvh [filename]'

If you are using 3.0.4 (Rembrandt BETA) on the Intel, get
ftp://ftp.redhat.com/pub/redhat/rembrandt/i386/updates/RPMS/anonftp-2.2-2.i386.rpm
and install it using 'rpm -Uvh [filename]'

If you are using 3.0.4 (Rembrandt BETA) on the Sparc, get
ftp://ftp.redhat.com/pub/redhat/rembrandt/sparc/updates/RPMS/anonftp-2.2-2.sparc.rpm
and install it using 'rpm -Uvh [filename]'

All packages are PGP signed. Source packages are available in the usual locations.

MD5 checksums:
ea1798199eb426695c6d4c2ad4106422  anonftp-2.0-2.axp.rpm
764ee004e25c3e278290820dbd58cc58  anonftp-2.0-2.i386.rpm
cb0b1905ab8d389d64677519913346a5  anonftp-2.0-2.src.rpm
c14af78ec7d5083b54e61f973ca7c6fb  anonftp-2.2-2.i386.rpm
760cb3d5bb37c618f1b84f1aa0f5ea53  anonftp-2.2-2.sparc.rpm
a2f3fb6e06fca1485e3f11e5e04f83d8  anonftp-2.2-2.src.rpm

Thanks to Alan Cox for finding this problem.
- --
Elliot Lee <sopwith () redhat com>
Red Hat Software, http://www.redhat.com/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMhjxQiaSlK8942+NAQEngAQAgQDpcY4zYyvegaYQrAx1pW9w2IEeHqE5
yyeRre2rUsWBKVjizDttz+JO130+/2cZjjG0bpDzKeZidkENZGkHzlIP+lQLDAuG
jZ8rBqAdaEXmRUwZJzjwmEfBM218Z/W+fSrPj/w0CMqCn1THwJN4Vu6xaZ8TkxGf
2cI2lMO7XkQ=
=qu3w
-----END PGP SIGNATURE-----
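Added illustration, not code from the advisory, from Red Hat, or from the anonftp package. The advisory does not name the tar option involved or say how the requested name reaches tar, so this hypothetical conversion wrapper assumes the common arrangement in which the FTP daemon's on-the-fly "file.tar" conversion hands the client-supplied name to GNU tar as a command-line argument. Under that assumption a name beginning with '-' is parsed as an option, and GNU tar has options (for example --use-compress-program) that run a program named by the caller. The wrapper shows the two controls such a conversion wants: rejecting any name tar could read as an option, and ending option parsing with '--' so the name is always treated as a file.

```shell
#!/bin/sh
# Hypothetical wrapper for an FTP on-the-fly tar conversion (added example,
# not from the advisory or the anonftp package).
# Assumption: the daemon passes the client-requested name to GNU tar as an
# argument, so a leading '-' would be parsed as a tar option.

# Return 0 only for names that cannot be mistaken for a tar option or
# escape the directory being served.
is_safe_name() {
    name=$1
    case "$name" in
        '') return 1 ;;                    # empty request
        -*) return 1 ;;                    # would be parsed as a tar option
        /*) return 1 ;;                    # absolute path
        ..|../*|*/..|*/../*) return 1 ;;   # parent-directory traversal
        *[!A-Za-z0-9._/-]*) return 1 ;;    # conservative character allowlist
    esac
    return 0
}

# Write the archive for one validated name to stdout. '--' ends option
# parsing, so tar treats whatever follows as a file name even if a later
# change to is_safe_name lets an odd name through.
safe_tar_to_stdout() {
    is_safe_name "$1" || { printf 'refused: %s\n' "$1" >&2; return 2; }
    tar -c -f - -- "$1"
}

# Demo (run with the argument "demo"): a scratch directory with one file,
# one accepted request and one refused request.
if [ "${1:-}" = demo ]; then
    d=$(mktemp -d) && cd "$d" && echo hello > readme.txt
    safe_tar_to_stdout readme.txt | tar -t -f -         # lists readme.txt
    safe_tar_to_stdout --use-compress-program=/bin/sh   # refused
    cd / && rm -rf "$d"
fi
```

The character allowlist is deliberately stricter than tar needs; the point is that the validation is done by the server before tar sees the argument, and '--' is the second, independent line of defence.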
Current thread:
- Re: libresolv+ bug, (continued)
- Re: libresolv+ bug Casper Dik (Aug 19)
- Re: libresolv+ bug Alan Cox (Aug 19)
- Re: libresolv+ bug Brian Mitchell (Aug 19)
- Re: libresolv+ bug David Holland (Aug 19)
- Re: libresolv+ bug Alan Cox (Aug 19)
- Re: libresolv+ bug Steve Czetty (Aug 19)
- real time decode of tcpdump output Michael Ryan (Aug 19)
- WU.FTPD vulnerability: gnu tar possibly others Alan Cox (Aug 19)
- Re: WU.FTPD vulnerability: gnu tar possibly others Pedro Melo (Aug 19)
- Re: WU.FTPD vulnerability: gnu tar possibly others Christian Limpach (Aug 19)
- SECURITY FIX/UPDATE: anonftp Elliot Lee (Aug 19)
- Re: Possible bufferoverflow condition in lpr, xterm and xload Igor Chudov @ home (Aug 18)
- Re: Possible bufferoverflow condition in lpr, xterm and xload Evil Pete (Aug 18)
- CERT Advisory CA-96.18 - Vulnerability in fm_fls CERT Advisory (Aug 14)
- Re: Possible bufferoverflow condition in lpr, xterm and xload Ficus Kirkpatrick (Aug 13)
- Re: Possible bufferoverflow condition in lpr, xterm and xload Alexander O. Yuriev (Aug 14)
- Tracking tools? David Miller (Aug 14)
- Re: Tracking tools? Gene Titus (Aug 15)
- Re: Tracking tools? neill (Aug 15)
- Re: Tracking tools? Tracy R. Reed (Aug 15)
- SGI Security Advisory 19960801-01-PX, SGI Security Coordinator (Aug 17)