Bugtraq mailing list archives

SECURITY FIX/UPDATE: anonftp


From: sopwith () redhat com (Elliot Lee)
Date: Mon, 19 Aug 1996 18:57:03 -0400


-----BEGIN PGP SIGNED MESSAGE-----

There is a security hole in the anonftp package included with all versions
of Red Hat Linux that allows an anonymous FTP user to execute arbitrary
commands in the chroot FTP environment. Due to some options in GNU tar
that are enabled by default, any program that exists on (or can be uploaded
to) an FTP server can be run.

Severity is limited due to the chroot environment, but the problem still
needs to be addressed.

Updates are available on ftp.redhat.com now.

If you are using a version prior to 3.0.3, an upgrade is recommended to
solve other security holes.

If you are using 3.0.3 on the Intel, get
ftp://ftp.redhat.com/pub/redhat/redhat-3.0.3/i386/updates/RPMS/anonftp-2.0-2.i386.rpm
and install it using 'rpm -Uvh [filename]'

If you are using 3.0.3 on the Alpha, get
ftp://ftp.redhat.com/pub/redhat/redhat-3.0.3/axp/updates/RPMS/anonftp-2.0-2.axp.rpm
and install it using 'rpm -Uvh [filename]'

If you are using 3.0.4 (Rembrandt BETA) on the Intel, get
ftp://ftp.redhat.com/pub/redhat/rembrandt/i386/updates/RPMS/anonftp-2.2-2.i386.rpm
and install it using 'rpm -Uvh [filename]'

If you are using 3.0.4 (Rembrandt BETA) on the Sparc, get
ftp://ftp.redhat.com/pub/redhat/rembrandt/sparc/updates/RPMS/anonftp-2.2-2.sparc.rpm
and install it using 'rpm -Uvh [filename]'

All packages are PGP signed. Source packages are available in the usual
locations.

MD5 checksums:

ea1798199eb426695c6d4c2ad4106422  anonftp-2.0-2.axp.rpm
764ee004e25c3e278290820dbd58cc58  anonftp-2.0-2.i386.rpm
cb0b1905ab8d389d64677519913346a5  anonftp-2.0-2.src.rpm

c14af78ec7d5083b54e61f973ca7c6fb  anonftp-2.2-2.i386.rpm
760cb3d5bb37c618f1b84f1aa0f5ea53  anonftp-2.2-2.sparc.rpm
a2f3fb6e06fca1485e3f11e5e04f83d8  anonftp-2.2-2.src.rpm

Thanks to Alan Cox for finding this problem.

- -- Elliot Lee <sopwith () redhat com>
   Red Hat Software, http://www.redhat.com/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMhjxQiaSlK8942+NAQEngAQAgQDpcY4zYyvegaYQrAx1pW9w2IEeHqE5
yyeRre2rUsWBKVjizDttz+JO130+/2cZjjG0bpDzKeZidkENZGkHzlIP+lQLDAuG
jZ8rBqAdaEXmRUwZJzjwmEfBM218Z/W+fSrPj/w0CMqCn1THwJN4Vu6xaZ8TkxGf
2cI2lMO7XkQ=
=qu3w
-----END PGP SIGNATURE-----
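As an added example, not part of Elliot Lee's message or of the Red Hat anonftp package, the following POSIX shell helper checks a downloaded anonftp RPM against the MD5 list published in the advisory before it is installed with 'rpm -Uvh'. The digests are copied verbatim from the message; the 'rpm --checksig' call in the usage comment assumes an rpm that supports signature checking (the advisory says the packages are PGP signed); the sample file used for a self-check is constructed, not a real package.

```sh
#!/bin/sh
# Verify a downloaded anonftp RPM against the MD5 list in the advisory.
# Added example; the ADVISORY_MD5 table is copied from the message.

# Digest list as published in the advisory: "digest  filename" per line.
ADVISORY_MD5='
ea1798199eb426695c6d4c2ad4106422  anonftp-2.0-2.axp.rpm
764ee004e25c3e278290820dbd58cc58  anonftp-2.0-2.i386.rpm
cb0b1905ab8d389d64677519913346a5  anonftp-2.0-2.src.rpm
c14af78ec7d5083b54e61f973ca7c6fb  anonftp-2.2-2.i386.rpm
760cb3d5bb37c618f1b84f1aa0f5ea53  anonftp-2.2-2.sparc.rpm
a2f3fb6e06fca1485e3f11e5e04f83d8  anonftp-2.2-2.src.rpm
'

# md5_of FILE: print the hex MD5 digest of FILE.
# Uses md5sum (GNU/Linux) when present, otherwise md5 -q (BSD/macOS).
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | awk '{print $1}'
    else
        md5 -q "$1"
    fi
}

# expected_md5 NAME: print the advisory digest for package file NAME.
# Exit status 1 (and no output) if NAME is not in the advisory list.
expected_md5() {
    printf '%s\n' "$ADVISORY_MD5" |
        awk -v n="$1" '$2 == n {print $1; found = 1} END {exit !found}'
}

# verify_rpm PATH [EXPECTED]: compare PATH's digest with EXPECTED, or, when
# EXPECTED is omitted, with the advisory digest for PATH's basename.
# Returns 0 on match, 1 on mismatch or unknown package name.
verify_rpm() {
    file=$1
    name=$(basename "$file")
    if [ -n "$2" ]; then
        expected=$2
    else
        expected=$(expected_md5 "$name") || {
            echo "no advisory digest for $name" >&2
            return 1
        }
    fi
    actual=$(md5_of "$file")
    if [ "$actual" = "$expected" ]; then
        echo "OK       $name"
        return 0
    fi
    echo "MISMATCH $name: got $actual, expected $expected" >&2
    return 1
}

# Typical use after fetching the package for this host's architecture
# (rpm --checksig assumed available for the PGP signature check):
#   verify_rpm anonftp-2.0-2.i386.rpm &&
#       rpm --checksig anonftp-2.0-2.i386.rpm &&
#       rpm -Uvh anonftp-2.0-2.i386.rpm
# When run with file arguments, verify each one and stop at the first failure.
for f in "$@"; do
    verify_rpm "$f" || exit 1
done
```

The MD5 comparison only proves the download matches what the advisory lists; the PGP signature on the package (and on the advisory itself) is what ties the list to Red Hat, so both checks belong before 'rpm -Uvh'.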
