Bugtraq mailing list archives
Re: CERT Advisory CA-99.13 - Multiple Vulnerabilities in WU-FTPD
From: r-dass () NTX1 CSO UIUC EDU (Rami Dass)
Date: Thu, 21 Oct 1999 15:05:22 -0500
Also, I beleive that this problem occurs only in certain OS's vulnerable to the getcwd() exploit, the ERRATA file, in the 2.6.0 source tree, lists them: "Systems needing getcwd(): BSD 4.4 (bsd) Unix 3.x (dec) DG/UX (dgx) Dynix (dyn) generic (gen) NeXTstep 2.x (nx2) OSF/1 (osf) Sony NewsOS (sny)" So this exploit MIGHT be OS specific and certain OS's running versions prior to 2.6.0 may not be affected. I did try building 2.6.0 under Solaris 7, and there were some problems with using "ls". Incidentally, there has been a patch available to address the getcwd() issue on the ftp site for wu-ftpd that can be applied to 2.5.0. -----Original Message----- From: Richard Trott [mailto:trott () SLOWPOISONERS COM] Sent: Wednesday, October 20, 1999 5:17 PM To: BUGTRAQ () SECURITYFOCUS COM Subject: Re: CERT Advisory CA-99.13 - Multiple Vulnerabilities in WU-FTPD
WU-FTPD and BeroFTPD Vulnerability #1: Not vulnerable: versions 2.4.2 and all betas and earlier versions Vulnerable: wu-ftpd-2.4.2-beta-18-vr4 through wu-ftpd-2.4.2-beta-18-vr15 wu-ftpd-2.4.2-vr16 and wu-ftpd-2.4.2-vr17 wu-ftpd-2.5.0 BeroFTPD, all versions
CERT appears to have left out wu-ftpd-2.6.0 (although they included it in the lists for the other two vulnerabilities). Version 2.6.0 does *not* have the "MAPPING_CHDIR Buffer Overflow" vulnerability, at least if the ANNOUNCE-RELEASE file for that version is to be believed. It reads, in part: "Corrected an error in the MAPPING_CHDIR feature which could be used to gain root privileges on the server." Presumably, this refers to this vulnerability. Rich
Current thread:
- Re: CERT Advisory CA-99.13 - Multiple Vulnerabilities in WU-FTPD Rami Dass (Oct 21)
- HP automountd security bulletin dsiebert () ENGINEERING UIOWA EDU (Oct 22)
- Re: HP automountd security bulletin Bennett Todd (Oct 25)
- Re: HP automountd security bulletin Valdis.Kletnieks () VT EDU (Oct 27)
- Re: HP automountd security bulletin Byron Miller (Oct 27)
- Re: HP automountd security bulletin Bennett Todd (Oct 25)
- Re: CERT Advisory CA-99.13 - Multiple Vulnerabilities in WU-FTPD Gregory A Lundberg (Oct 22)
- Re: CERT Advisory CA-99.13 - Multiple Vulnerabilities in WU-FTPD Charles M. Richmond (Oct 26)
- [slackware-security] CA-99-13: wu-ftpd upgrade available (fwd) Rafael Rodrigues Obelheiro (Oct 23)
- RFP9905: Zeus webserver remote root compromise .rain.forest.puppy. (Oct 25)
- HP automountd security bulletin dsiebert () ENGINEERING UIOWA EDU (Oct 22)