US-CERT Vulnerability Notes Database

Immunix Information for VU#886083

Date Notified:
Date Updated:
Statement Date:
Status Summary: Vulnerable

Vendor Statement

-----------------------------------------------------------------------

        Immunix OS Security Advisory

Packages updated:       wu-ftpd
Affected products:      Immunix 7.0
Bugs fixed:             immunix/1861
Date:                   Wed Nov 28 2001
Advisory ID:            IMNX-2001-70-036-01
Author:                 Seth Arnold <sarnold@wirex.com>
-----------------------------------------------------------------------

Description:
  CORE Security Technologies has found a heap overflow problem in
  wu-ftpd, related to the internal globbing functions. Because this is a
  heap overflow, StackGuard does not prevent any possible exploits from
  working.

  Thomas Biege from SuSE has also discovered several format-string
  problems that may or may not be remotely exploitable; these problems
  were also found independently by someone else, who sadly is unknown to
  WireX.

  The wu-ftpd packages provided here fix these problems, as well as
  other lesser problems.

  References: http://www.securityfocus.com/archive/1/242750

Package names and locations:
  Precompiled binary packages for Immunix 7.0 are available at:
  http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/wu-ftpd-2.6.1-6_imnx_4.i386.rpm

  Source package for Immunix 7.0 is available at:
  http://download.immunix.org/ImmunixOS/7.0/updates/SRPMS/wu-ftpd-2.6.1-6_imnx_4.src.rpm

Immunix OS 7.0 md5sums:
  c6c2fa2fa60f2cfe5b496ad0281fa486  RPMS/wu-ftpd-2.6.1-6_imnx_4.i386.rpm
  e8a2e0a1f8abe59ad058b6fecc8a1c72  SRPMS/wu-ftpd-2.6.1-6_imnx_4.src.rpm

GPG verification:                                                              
  Our public key is available at <http://wirex.com/security/GPG_KEY>.          
  *** NOTE *** This key is different from the one used in advisories            
  IMNX-2001-70-020-01 and earlier.

Online version of all Immunix 6.2 updates and advisories:
  http://immunix.org/ImmunixOS/6.2/updates/

Online version of all Immunix 7.0-beta updates and advisories:
  http://immunix.org/ImmunixOS/7.0-beta/updates/

Online version of all Immunix 7.0 updates and advisories:
  http://immunix.org/ImmunixOS/7.0/updates/

NOTE:
  Ibiblio is graciously mirroring our updates, so if the links above are
  slow, please try:
    ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
  or one of the many mirrors available at:
    http://www.ibiblio.org/pub/Linux/MIRRORS.html

  ImmunixOS 6.2 is no longer officially supported.

Contact information:
  To report vulnerabilities, please contact security@wirex.com. WireX
  attempts to conform to the RFP vulnerability disclosure protocol
  <http://www.wiretrip.net/rfp/policy.html>.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

Produced 2009 by US-CERT, a government organization