Hewlett Packard Information for VU#29823
Format string input validation error in wu-ftpd site_exec() function
- Date Notified:
- Statement Date:
- Date Updated: 11 Oct 2000
HP is vulnerable. Please see:
HPSBUX0007-117: Sec. Vulnerability in ftpd, **Rev.01**
HEWLETT-PACKARD COMPANY SECURITY ADVISORY: #00117, 11 July '00, Last Revised: 12 July '00
- PROBLEM: The ftp server (ftpd) on HP-UX allows users root access.
- PLATFORM: HP-UX release 11.00 - Both Problem #1 and #2 below; HP-UX release 10.20 - Problem #2, setproctitle(), only
- DAMAGE: Unauthorized root access.
- SOLUTION: Install temporary binary until an official patch is released.
- AVAILABILITY: The temporary binary is available now (see below).
- There are 2 problems with FTP Server (ftpd) on HP-UX:
  1. ftpd's handling of the SITE EXEC command allows remote users to gain root access. This is possible in the default configuration of ftpd on HP-UX 11.00 ONLY.
  2. ftpd does not properly format the parameters to the setproctitle() function, allowing users to gain root access. This problem applies to both 11.00 and 10.X.
- All system administrators are encouraged to install our temporary binary until an official patch is released. The file can be retrieved to simply replace the original factory supplied binary.
- Two temporary ftp binaries (for HP-UX 11.00 and HP-UX 10.20) can be found at:
--->>>These are to be installed in /usr/lbin/ftpd, with permissions 544.
Copyright © 2000 Hewlett-Packard Company
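The format-string error named in this note's title and in the setproctitle() problem, shown as the flawed call pattern beside the corrected one. This is an added example, not code from HP's advisory or from ftpd: `set_title()` is a hypothetical stand-in for setproctitle(), and the inputs are constructed so that the only directive interpreted is `%%`.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

static char title[128];

/* Hypothetical stand-in for setproctitle(): printf-style, fills `title`. */
static void set_title(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(title, sizeof title, fmt, ap);
    va_end(ap);
}

/* Flawed pattern: client-supplied text is used as the format string,
 * so any directive it contains is interpreted by the formatter. */
const char *title_unsafe(const char *client_text)
{
    set_title(client_text);
    return title;
}

/* Corrected pattern: constant format string, client text is only data. */
const char *title_safe(const char *client_text)
{
    set_title("%s", client_text);
    return title;
}

/* Defensive check for logging or rejection: count conversion directives
 * in untrusted input. "%%" is a literal percent and is not counted. */
int count_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        if (s[1] != '\0') n++;
    }
    return n;
}

int main(void)
{
    const char *input = "guest%%host";  /* constructed sample input */
    printf("unsafe: %s\n", title_unsafe(input));  /* directive was interpreted */
    printf("safe:   %s\n", title_safe(input));    /* text passed through unchanged */
    printf("directives: %d\n", count_directives("a %s b %d"));
    return 0;
}
```

Compilers that support `-Wformat-security` flag the non-literal format argument when the callee is declared with a printf format attribute.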
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.