Sun Information for VU#886083
WU-FTPD does not properly handle file name globbing
- Vendor Information Help Date Notified: 21 Nov 2001
- Statement Date:
- Date Updated: 30 Nov 2001
Sun [Solaris] does not ship WU-FTPD, thus Solaris is not affected by these issues.
The only Sun Cobalt Server Appliance that is vulnerable to this exploit is the Qube1. The Qube1 is no longer a supported appliance, but we do understand the need of having updates available. The following RPM is not officially supported by Sun Cobalt, but offers legacy customers the ability to maintain a limited level of security.
- ftp://ftp.cobaltnet.com/pub/unsupported/qube1/rpms/wu-ftpd-2.6.1-C1.NOPAM.mips.rpm ftp://ftp.cobaltnet.com/pub/unsupported/qube1/srpms/wu-ftpd-2.6.1-C1.NOPAM.src.rpm
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.