Hewlett Packard Information for VU#29823

Format string input validation error in wu-ftpd site_exec() function



Vendor Statement

HP is vulnerable. Please see:

    HPSBUX0007-117: Sec. Vulnerability in ftpd, **Rev.01** HEWLETT-PACKARD COMPANY SECURITY ADVISORY: #00117, 11 July '00, Last Revised: 12 July '00

An excerpt:
    PROBLEM: The ftp server (ftpd) on HP-UX allows users root access.
    PLATFORM: HP-UX release 11.00 - Both Problem #1 and #2 below; HP-UX release 10.20 - Problem #2, setproctitle(), only
    DAMAGE: Unauthorized root access.
    SOLUTION: Install temporary binary until an official patch is released.
    AVAILABILITY: The temporary binary is available now (see below).

    A. Background
      There are 2 problems with FTP Server (ftpd) on HP-UX.
        1. ftpd handling of the SITE EXEC command that allows remote users to gain root access. This is possible in the default configuration of ftpd on HP-UX 11.00 ONLY.
        2. ftpd does not properly format the parameters to the setproctitle() function, allowing users to gain root access. This problem applies to both 11.00 and 10.X.
    B. Fixing the problem
      All system administrators are encouraged to install our temporary binary until an official patch is released. The file can be retrieved to simply replace the original factory supplied binary.
    C. Recommended solution
NOTE: This advisory [HPSBUX0007-117] will be updated when patches become available.
Copyright 2000 Hewlett-Packard Company

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.