Hewlett Packard Information for VU#29823

HPSBUX0007-117: Sec. Vulnerability in ftpd, **Rev.01** HEWLETT-PACKARD COMPANY SECURITY ADVISORY: #00117, 11 July '00, Last Revised: 12 July '00

PROBLEM: The ftp server (ftpd) on HP-UX allows users root access.
PLATFORM: HP-UX release 11.00 - Both Problem #1 and #2 below; HP-UX release 10.20 - Problem #2, setproctitle(), only
DAMAGE: Unauthorized root access.
SOLUTION: Install temporary binary until an official patch is released.
AVAILABILITY: The temporary binary is available now (see below).


---


A. Background
There are 2 problems with FTP Server (ftpd) on HP-UX.
1. ftpd handling of the SITE EXEC command that allows remote users to gain root access. This is possible in the default configuration of ftpd on HP-UX 11.00 ONLY.
2. ftpd does not properly format the parameters to the setproctitle() function, allowing users to gain root access. This problem applies to both 11.00 and 10.X.
B. Fixing the problem
All system administrators are encouraged to install our temporary binary until an official patch is released. The file can be retrieved to simply replace the original factory supplied binary.
C. Recommended solution
Two temporary ftp binaries (for HP-UX 11.00 and HP-UX 10.20) can be found at:
ftp://ftp.cup.hp.com/dist/networking/ftp/ftpd.11.0
ftp://ftp.cup.hp.com/dist/networking/ftp/ftpd.10.20
**Revised 01**
--->>>These are to be installed in /usr/lbin/ftpd, with permissions 544.

If you have feedback, comments, or additional information about this vulnerability, please send us email.