Sun Information for VU#886083

WU-FTPD does not properly handle file name globbing

Status

Affected

Vendor Statement

Sun [Solaris] does not ship WU-FTPD, thus Solaris is not affected by these issues.

The only Sun Cobalt Server Appliance that is vulnerable to this exploit is the Qube1. The Qube1 is no longer a supported appliance, but we do understand the need of having updates available. The following RPM is not officially supported by Sun Cobalt, but offers legacy customers the ability to maintain a limited level of security.

Qube1:

ftp://ftp.cobaltnet.com/pub/unsupported/qube1/rpms/wu-ftpd-2.6.1-C1.NOPAM.mips.rpm

ftp://ftp.cobaltnet.com/pub/unsupported/qube1/srpms/wu-ftpd-2.6.1-C1.NOPAM.src.rpm

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.