Bugtraq mailing list archives
Re: CERT Advisory CA-99.13 - Multiple Vulnerabilities in WU-FTPD
From: cprice () MOLBIO UNMC EDU (Chad Price)
Date: Thu, 21 Oct 1999 13:11:32 -0500
I noticed that also; however the release of 2.6.0 and the CERT advisory (as well as the AUSCERT advisory) were in fact closely coordinated. This is because 2.6.0 does fix all the items listed in the advisory.

At 03:16 PM 10/20/1999 -0700, you wrote:
> > WU-FTPD and BeroFTPD
> > Vulnerability #1:
> >   Not vulnerable:
> >     versions 2.4.2 and all betas and earlier versions
> >   Vulnerable:
> >     wu-ftpd-2.4.2-beta-18-vr4 through wu-ftpd-2.4.2-beta-18-vr15
> >     wu-ftpd-2.4.2-vr16 and wu-ftpd-2.4.2-vr17
> >     wu-ftpd-2.5.0
> >     BeroFTPD, all versions
>
> CERT appears to have left out wu-ftpd-2.6.0 (although they included it in the lists for the other two vulnerabilities).
>
> Version 2.6.0 does *not* have the "MAPPING_CHDIR Buffer Overflow" vulnerability, at least if the ANNOUNCE-RELEASE file for that version is to be believed. It reads, in part:
>
> "Corrected an error in the MAPPING_CHDIR feature which could be used to gain root privileges on the server."
>
> Presumably, this refers to this vulnerability.
>
> Rich

Chad Price
Systems Manager, Genetic Sequence Analysis Facility
University of Nebraska Medical Center
986495 Nebraska Medical Center
Omaha, NE 68506-6495
cprice () molbio unmc edu
(402) 559-9527
(402) 559-4077 (FAX)