Hewlett Packard Information for VU#29823
Format string input validation error in wu-ftpd site_exec() function
HP is vulnerable. Please see:
HPSBUX0007-117: Sec. Vulnerability in ftpd, **Rev.01**
HEWLETT-PACKARD COMPANY SECURITY ADVISORY: #00117, 11 July '00
Last Revised: 12 July '00
PROBLEM: The ftp server (ftpd) on HP-UX allows users root access.
PLATFORM: HP-UX release 11.00 - Both Problem #1 and #2 below; HP-UX release 10.20 - Problem #2, setproctitle(), only
DAMAGE: Unauthorized root access.
SOLUTION: Install temporary binary until an official patch is released.
AVAILABILITY: The temporary binary is available now (see below).
There are 2 problems with FTP Server (ftpd) on HP-UX.
- ftpd's handling of the SITE EXEC command allows remote users to gain root access. This is possible in the default configuration of ftpd on HP-UX 11.00 ONLY.
- ftpd does not properly format the parameters to the setproctitle() function, allowing users to gain root access. This problem applies to both 11.00 and 10.X.
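Both problems are the same defect class: client-supplied text reaches a printf-style function as its format argument instead of as data. The following is an added illustration, not HP's or wu-ftpd's code; set_title() is a hypothetical setproctitle()-like helper, and the SITE EXEC strings are constructed samples.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

static char proctitle[256];
/* Hypothetical setproctitle()-style helper: formats its arguments into a
 * fixed title buffer, exactly like any printf-family function would. */
static const char *set_title(const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(proctitle, sizeof proctitle, fmt, ap);
    va_end(ap);
    return proctitle;
}

/* Vulnerable pattern: the client's command text is handed over as the
 * format string, so any '%' directives in it are interpreted. */
static const char *title_vulnerable(const char *client_text) {
    return set_title(client_text);
}

/* Fixed pattern: the format is a constant and the client text is data.
 * Directives in the input are copied literally and never interpreted. */
static const char *title_fixed(const char *client_text) {
    return set_title("%s", client_text);
}

/* Audit aid: number of conversion directives in untrusted text ("%%" is a
 * literal percent sign and does not count). A non-zero result in an FTP
 * command log is worth alerting on. */
static int count_format_directives(const char *s) {
    int n = 0;
    for (; *s != '\0'; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        n++;
    }
    return n;
}

int main(void) {
    /* Constructed sample: an argument carrying format directives. */
    const char *hostile = "SITE EXEC %x%x%n";
    printf("fixed(hostile) = %s\n", title_fixed(hostile));
    printf("directives in hostile input: %d\n", count_format_directives(hostile));
    /* title_vulnerable(hostile) is deliberately not called: it is undefined behaviour. */
    return 0;
}
```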
B. Fixing the problem
All system administrators are encouraged to install our temporary binary until an official patch is released. The file can be retrieved and used to simply replace the original factory-supplied binary.
C. Recommended solution
NOTE: This advisory [HPSBUX0007-117] will be updated when patches become available.
Copyright © 2000 Hewlett-Packard Company
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.