OpenLinux: wu-ftpd fb_realpath() off-by-one bug

[security () sco com]

To: announce () lists sco com bugtraq () securityfocus com security-alerts () linuxsecurity com full-disclosure () 
lists netsys com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


______________________________________________________________________________

                        SCO Security Advisory

Subject:                OpenLinux: wu-ftpd fb_realpath() off-by-one bug
Advisory number:        CSSA-2003-024.0
Issue date:             2003 September 26
Cross reference:        sr882340 fz528117 erg712364
______________________________________________________________________________


1. Problem Description

        Wu-ftpd FTP server contains remotely exploitable off-by-one bug. A
        local or remote attacker could exploit this vulnerability to gain
        root privileges on a vulnerable system. The Common Vulnerabilities
        and Exposures project (cve.mitre.org) has assigned the name
        CAN-2003-0466 to this issue.


2. Vulnerable Supported Versions

        System                          Package
        ----------------------------------------------------------------------

        OpenLinux 3.1.1 Server                  prior to wu-ftpd-2.6.1-14.i386.rpm

        OpenLinux 3.1.1 Workstation             prior to wu-ftpd-2.6.1-14.i386.rpm


3. Solution

        The proper solution is to install the latest packages. Many
        customers find it easier to use the Caldera System Updater, called
        cupdate (or kcupdate under the KDE environment), to update these
        packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

        4.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-024.0/RPMS

        4.2 Packages

        5dfb4811abe8ccf46d8c523b13ef34d1        wu-ftpd-2.6.1-14.i386.rpm

        4.3 Installation

        rpm -Fvh wu-ftpd-2.6.1-14.i386.rpm

        4.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-024.0/SRPMS

        4.5 Source Packages

        13d7a9857c9151477e20e49f25d48169        wu-ftpd-2.6.1-14.src.rpm


5. OpenLinux 3.1.1 Workstation

        5.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-024.0/RPMS

        5.2 Packages

        05b6a116c8160033f16b7c52611c1f86        wu-ftpd-2.6.1-14.i386.rpm

        5.3 Installation

        rpm -Fvh wu-ftpd-2.6.1-14.i386.rpm

        5.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-024.0/SRPMS

        5.5 Source Packages

        b53bca2a2dcce72aa0f15c661961d2b6        wu-ftpd-2.6.1-14.src.rpm


6. References


        SCO security resources:
                http://www.sco.com/support/security/index.html

        This security fix closes SCO incidents sr882340 fz528117
        erg712364.


7. Disclaimer

        SCO is not responsible for the misuse of any of the information
        we provide on this website and/or through our security
        advisories. Our advisories are a service to our customers intended
        to promote secure installation and use of SCO products.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAj94iDAACgkQbluZssSXDTFPOgCfUrIFx1+jG+51w04qHaFxD4eT
KGgAni1FaEkMP36sPMlA6vkkPgLHsHwV
=zh3M
-----END PGP SIGNATURE-----