Updated: December 17, 2001
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Messages on the vuln-dev mailing list indicate that BeroFTPD is vulnerable. Since BeroFTPD shares much of its code with WU-FTPD, BeroFTPD may be affected by other vulnerabilities in WU-FTPD. BeroFTPD was split from and has since been merged back into WU-FTPD.
Notified: November 21, 2001 Updated: February 15, 2002
Affected
Caldera has released Caldera Security Advisory CSSA-2001-041.0 for Linux, CSSA-2001-SCO.36 for UnixWare and OpenUnix, and CSSA-2002-SCO.1 for OpenServer.
Caldera Linux:
Caldera (SCO) UnixWare:
Caldera (SCO) Open UNIX:
Caldera (SCO) OpenServer:
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: November 21, 2001 Updated: February 04, 2002
Unknown
This reported problem could not be exploited on Compaq Tru64/UNIX Operating Systems Software. WU-FTPD 2.6.1 is shipped on the Internet Express CD.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: November 30, 2001
Affected
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CONECTIVA LINUX SECURITY ANNOUNCEMENT PACKAGE : wu-ftpd SUMMARY : Remote vulnerability in the wu-ftpd server DATE : 2001-11-29 12:20:00 ID : CLA-2001:442 RELEVANT RELEASES : 5.0, prg graficos, ecommerce, 5.1, 6.0, 7.0 DESCRIPTION "wu-ftpd" is one of the ftp servers available in Conectiva Linux and several other linux distributions. CORE Security Technologies[1] reported[2] a vulnerability[3] in the wu-ftpd ftp server that can be exploited remotely. The problem is in the internal glob function used by wu-ftpd which allows an attacker to corrupt memory space and execute arbitrary code remotely. There is no need for an user account on the ftp server, this problem can be abused by anonymous users as well. This vulnerability was first reported[4] by Matt Power but was deemed not exploitable at that time. SOLUTION All administrators who deploy wu-ftpd should upgrade immediately. If an upgrade is not possible, then the service should be shut down, or another ftp server should be used. There is no need to restart the service after the upgrade because wu-ftpd is started from inetd. The administrator might want to, however, shut down all current connections which would still be using the vulnerable copy to avoid a possible abuse by currently connected users. REFERENCES 1. http://www.core-sdi.com 2. http://www.securityfocus.com/archive/1/242964 3. http://www.securityfocus.com/bid/3581 4. http://www.securityfocus.com/archive/82/180823 DIRECT DOWNLOAD LINKS TO THE UPDATED PACKAGES ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/wu-ftpd-2.6.1-6U50_1cl.src.rpm ftp://atualizacoes.conectiva.com.br/5.0/i386/wu-ftpd-2.6.1-6U50_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/wu-ftpd-2.6.1-6U51_1cl.src.rpm ftp://atualizacoes.conectiva.com.br/5.1/i386/wu-ftpd-2.6.1-6U51_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/wu-ftpd-2.6.1-6U60_1cl.src.rpm ftp://atualizacoes.conectiva.com.br/6.0/RPMS/wu-ftpd-2.6.1-6U60_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/wu-ftpd-2.6.1-6U70_1cl.src.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/wu-ftpd-2.6.1-6U70_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/SRPMS/wu-ftpd-2.6.1-6U50_1cl.src.rpm ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/wu-ftpd-2.6.1-6U50_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/SRPMS/wu-ftpd-2.6.1-6U50_1cl.src.rpm ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/wu-ftpd-2.6.1-6U50_1cl.i386.rpm ADDITIONAL INSTRUCTIONS Users of Conectiva Linux version 6.0 or higher may use apt to perform upgrades of RPM packages: - add the following line to /etc/apt/sources.list if it is not there yet (you may also use linuxconf to do this): rpm [cncbr] ftp://atualizacoes.conectiva.com.br 6.0/conectiva updates (replace 6.0 with the correct version number if you are not running CL6.0) - run: apt-get update - after that, execute: apt-get upgrade Detailed instructions reagarding the use of apt and upgrade examples can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en All packages are signed with Conectiva's GPG key. The key and instructions on how to import it can be found at http://distro.conectiva.com.br/seguranca/chave/?idioma=en Instructions on how to check the signatures of the RPM packages can be found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en All our advisories and generic update instructions can be viewed at http://distro.conectiva.com.br/atualizacoes/?idioma=en subscribe: conectiva-updates-subscribe@papaleguas.conectiva.com.br unsubscribe: conectiva-updates-unsubscribe@papaleguas.conectiva.com.br -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8BkQ+42jd0JmAcZARApFvAKCl+ekMYKl4mUlnjYOPzmdpdRQ2WQCfZ37k B9JhTSxN7u70wdESzG+mjhQ= =+0Mk -----END PGP SIGNATURE-----
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: November 21, 2001 Updated: November 29, 2001
Not Affected
Cray, Inc. is not vulnerable since the ftp supplied with UNICOS and UNICOS/mk is not based on the Washington University version.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: November 21, 2001 Updated: December 04, 2001
Affected
-----BEGIN PGP SIGNED MESSAGE----- Debian Security Advisory DSA-087-1 security@debian.org http://www.debian.org/security/ Wichert Akkerman December 3, 2001 Package : wu-ftpd Problem type : remote root exploit Debian-specific: no CORE ST reports that an exploit has been found for a bug in the wu-ftpd glob code (this is the code that handles filename wildcard expansion). Any logged in user (including anonymous ftp users) can exploit the bug to gain root privilege on the server. This has been corrected in version 2.6.0-6 of the wu-ftpd package. wget url will fetch the file for you dpkg -i file.deb will install the referenced file. Debian GNU/Linux 2.2 alias potato Potato was released for alpha, arm, i386, m68k, powerpc and sparc. Source archives: http://security.debian.org/dists/stable/updates/main/source/wu-ftpd_2.6.0-6.diff.gz MD5 checksum: 3b1b4c45157bd09811d22e5a0319800f http://security.debian.org/dists/stable/updates/main/source/wu-ftpd_2.6.0-6.dsc MD5 checksum: bb6cde87269f88b9fd8a8b2202a62ca4 http://security.debian.org/dists/stable/updates/main/source/wu-ftpd_2.6.0.orig.tar.gz MD5 checksum: 652cfe4b59e0468eded736e7c281d16f Architecture independent archives: http://security.debian.org/dists/stable/updates/main/binary-all/wu-ftpd-academ_2.6.0-6_all.deb MD5 checksum: 6e611c3988121914b79de3e2042a7313 Alpha architecture: http://security.debian.org/dists/stable/updates/main/binary-alpha/wu-ftpd_2.6.0-6_alpha.deb MD5 checksum: bf2a2603573577e86a14d57814a8133a ARM architecture: http://security.debian.org/dists/stable/updates/main/binary-arm/wu-ftpd_2.6.1-6_arm.deb MD5 checksum: 073d205b811b077d0e2ea874b4e795e8 Intel IA-32 architecture: http://security.debian.org/dists/stable/updates/main/binary-i386/wu-ftpd_2.6.0-6_i386.deb MD5 checksum: c3fc484e08210d7a1363c93c9d29d6eb PowerPC architecture: http://security.debian.org/dists/stable/updates/main/binary-powerpc/wu-ftpd_2.6.0-6_powerpc.deb MD5 checksum: 59272e14f5db909fa43b2eb0cfaf2277 Sun Sparc architecture: http://security.debian.org/dists/stable/updates/main/binary-sparc/wu-ftpd_2.6.0-6_sparc.deb MD5 checksum: f855d628c92c7d9eccc115b167555f98 These packages will be moved into the stable distribution on its next revision. For not yet released architectures please refer to the appropriate directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ . apt-get: deb http://security.debian.org/ stable/updates main dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia Charset: noconv iQB1AwUBPArQi6jZR/ntlUftAQFCaQL8DjOz0SFCAaICF4aYt+J7QGlTHusvHhGT NNu/NiHSUJ0Em1jOcVbTkXr0Ahs4PN3ahCqN6rMdnYNe9biSRcQXKNbj73Mr6AjU rZFYOH5nd+r6LhYd4rf48HMGCUm6J9PI =BK/G -----END PGP SIGNATURE-----
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: November 21, 2001 Updated: December 07, 2001
Affected
-----BEGIN PGP SIGNED MESSAGE----- FreeBSD-SA-01:64 Security Advisory
FreeBSD, Inc. Topic: wu-ftpd port contains remote root compromise Category: ports
Module: wu-ftpd
Announced: 2001-12-04
Credits: CORE Security Technologies
Contact: Ivan Arce (iarce@corest.com)
Affects: Ports collection prior to the correction date
Corrected: 2001-11-28 10:52:26 UTC
FreeBSD only: NO I. Background wu-ftpd is a popular full-featured FTP server. II. Problem Description The wu-ftpd port, versions prior to wu-ftpd-2.6.1_7, contains a
vulnerability which allows FTP users, both anonymous FTP users and
those with valid accounts, to execute arbitrary code as root on
the local machine. This may be accomplished by inserting invalid
globbing parameters which are incorrectly parsed by the FTP server
into command input. The wu-ftpd port is not installed by default, nor is it "part of
FreeBSD" as such: it is part of the FreeBSD ports collection, which
contains over 6000 third-party applications in a ready-to-install
format. The ports collection shipped with FreeBSD 4.4 contains this
problem since it was discovered after the release. FreeBSD makes no claim about the security of these third-party
applications, although an effort is underway to provide a security
audit of the most security-critical ports. III. Impact FTP users, including anonymous FTP users, can cause arbitrary commands
to be executed as root on the local machine. If you have not chosen to install the wu-ftpd port/package, then your
system is not vulnerable to this problem. IV. Workaround Deinstall the wu-ftpd port/package, if you have installed it. V. Solution One of the following: 1) Upgrade your entire ports collection and rebuild the wu-ftpd port. 2) Deinstall the old package and install a new package dated after the
correction date, obtained from: [i386] ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/ftp/wu-ftpd-2.6.1_7.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/ftp/wu-ftpd-2.6.1_7.tgz [alpha] Packages are not automatically generated for the alpha architecture at
this time due to lack of build resources NOTE: It may be several days before updated packages are available. Be
sure to check the file creation date on the package, because the
version number of the software has not changed. 3) download a new port skeleton for the wu-ftpd port from: http://www.freebsd.org/ports/ and use it to rebuild the port. 4) Use the portcheckout utility to automate option (3) above. The
portcheckout port is available in /usr/ports/devel/portcheckout or the
package can be obtained from: ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz VI. Correction details The following list contains the revision numbers of each file that was
corrected in the FreeBSD ports collection. Path Revision ports/ftp/wu-ftpd/Makefile 1.41
ports/ftp/wu-ftpd/files/patch-ap 1.2 VII. References
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: November 21, 2001 Updated: November 30, 2001
Not Affected
Regarding VU#886083 and VU#639760 (WU-FTPD vulnerabilities), UXP/V is not vulnerable, because UXP/V does not support WU-FTPD.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: November 21, 2001 Updated: November 26, 2001
Not Affected
This vulnerability was addressed in HPSBUX0107-162 which was released on July 19, 2001.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: November 21, 2001 Updated: November 27, 2001
Not Affected
IBM's AIX operating system does not use WU-FTPd, hence is not vulnerable to the exploit described by CORE ST.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: November 29, 2001
Affected
Immunix OS Security Advisory Packages updated: wu-ftpd
Affected products: Immunix 7.0
Bugs fixed: immunix/1861
Date: Wed Nov 28 2001
Advisory ID: IMNX-2001-70-036-01
Author: Seth Arnold
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: November 21, 2001 Updated: December 07, 2001
Affected
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1 Mandrake Linux Security Update Advisory Package name: wu-ftpd
Date: November 29th, 2001
Advisory ID: MDKSA-2001:090 Affected versions: 7.1, 7.2, 8.0, 8.1, Corporate Server 1.0.1 Problem Description: A vulnerability in wu-ftpd's ftpglob() function was found by the CORE
ST team. This vulnerability can be exploited to obtain root access on
the FTP server. References: http://www.securityfocus.com/bid/3581 Please verify the update prior to upgrading to ensure the integrity of
the downloaded package. You can do this with the command: rpm --checksig package.rpm
You can get the GPG public key of the Mandrake Linux Security Team at
http://www.linux-mandrake.com/en/security/RPM-GPG-KEYS
If you use MandrakeUpdate, the verification of md5 checksum and GPG
signature is performed automatically for you. Linux-Mandrake 7.1: d8bf0ffaa36f4be0d82d2a497ca97012 7.1/RPMS/wu-ftpd-2.6.1-8.7mdk.i586.rpm
8527aaf8ead9756af936518cdcf0bf19 7.1/SRPMS/wu-ftpd-2.6.1-8.7mdk.src.rpm Linux-Mandrake 7.2: be0ad73a7e3559ded06615df10467cbe 7.2/RPMS/wu-ftpd-2.6.1-8.8mdk.i586.rpm
02a177500ce246b536980c8884cc40fb 7.2/SRPMS/wu-ftpd-2.6.1-8.8mdk.src.rpm Mandrake Linux 8.0: d56665d8af147c90ac6db88d1c87ff03 8.0/RPMS/wu-ftpd-2.6.1-11.1mdk.i586.rpm
c85387ec082fd92d82d36192b96ab85b 8.0/SRPMS/wu-ftpd-2.6.1-11.1mdk.src.rpm Mandrake Linux 8.0 (PPC): 6fd48b377e4b0ea445e4c8efe46589bd ppc/8.0/RPMS/wu-ftpd-2.6.1-11.1mdk.ppc.rpm
c85387ec082fd92d82d36192b96ab85b ppc/8.0/SRPMS/wu-ftpd-2.6.1-11.1mdk.src.rpm Mandrake Linux 8.1: 108dde2929cf812461b29bd8503b8cfc 8.1/RPMS/wu-ftpd-2.6.1-11.1mdk.i586.rpm
c85387ec082fd92d82d36192b96ab85b 8.1/SRPMS/wu-ftpd-2.6.1-11.1mdk.src.rpm Corporate Server 1.0.1: d8bf0ffaa36f4be0d82d2a497ca97012 1.0.1/RPMS/wu-ftpd-2.6.1-8.7mdk.i586.rpm
8527aaf8ead9756af936518cdcf0bf19 1.0.1/SRPMS/wu-ftpd-2.6.1-8.7mdk.src.rpm Bug IDs fixed (see https://qa.mandrakesoft.com for more information): To upgrade automatically, use MandrakeUpdate. If you want to upgrade manually, download the updated package from one
of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm". You can download the updates directly from one of the mirror sites
listed at: http://www.linux-mandrake.com/en/ftp.php3. Updated packages are available in the "updates/[ver]/RPMS/" directory. For example, if you are looking for an updated RPM package for
Mandrake Linux 8.0, look for it in "updates/8.0/RPMS/". Updated source
RPMs are available as well, but you generally do not need to download
them. Please be aware that sometimes it takes the mirrors a few hours to
update. You can view other security advisories for Mandrake Linux at: http://www.linux-mandrake.com/en/security/ If you want to report vulnerabilities, please contact security@linux-mandrake.com Mandrake Linux has two security-related mailing list services that
anyone can subscribe to: security-announce@linux-mandrake.com Mandrake Linux's security announcements mailing list. Only
announcements are sent to this list and it is read-only. security-discuss@linux-mandrake.com Mandrake Linux's security discussion mailing list. This list is open
to anyone to discuss Mandrake Linux security specifically and Linux
security in general. To subscribe to either list, send a message to
sympa@linux-mandrake.com
with "subscribe [listname]" in the body of the message. To remove yourself from either list, send a message to
sympa@linux-mandrake.com
with "unsubscribe [listname]" in the body of the message. To get more information on either list, send a message to
sympa@linux-mandrake.com
with "info [listname]" in the body of the message. Optionally, you can use the web interface to subscribe to or unsubscribe
from either list: http://www.linux-mandrake.com/en/flists.php3#security Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: November 27, 2001 Updated: November 30, 2001
Not Affected
All versions of NcFTPd Server are not vulnerable to the problems described by VU#886083 and VU#639760.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: November 21, 2001 Updated: November 28, 2001
Not Affected
OpenBSD does not use WU-FTPd.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: November 21, 2001 Updated: November 30, 2001
Affected
Red Hat, Inc. Red Hat Security Advisory Synopsis: Updated wu-ftpd packages are available
Advisory ID: RHSA-2001:157-06
Issue date: 2001-11-20
Updated on: 2001-11-26
Product: Red Hat Linux
Keywords: wu-ftpd buffer overrun glob ftpglob
Cross references: Obsoletes: RHSA-2000:039 1. Topic: Updated wu-ftpd packages are available to fix an overflowable buffer. 2. Relevant releases/architectures: Red Hat Linux 6.2 - alpha, i386, sparc Red Hat Linux 7.0 - alpha, i386 Red Hat Linux 7.1 - alpha, i386, ia64 Red Hat Linux 7.2 - i386 3. Problem description: An overflowable buffer exists in earlier versions of wu-ftpd. An attacker could gain access to the machine by sending malicious
commands. It is recommended that all users of wu-ftpd upgrade to the lastest
version. 4. Solution: Before applying this update, make sure all previously released errata
relevant to your system have been applied. To update all RPMs for your particular architecture, run: rpm -Fvh [filenames] where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs. Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system. 5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info): 6. RPMs required: Red Hat Linux 6.2: SRPMS: ftp://updates.redhat.com/6.2/en/os/SRPMS/wu-ftpd-2.6.1-0.6x.21.src.rpm alpha: ftp://updates.redhat.com/6.2/en/os/alpha/wu-ftpd-2.6.1-0.6x.21.alpha.rpm i386: ftp://updates.redhat.com/6.2/en/os/i386/wu-ftpd-2.6.1-0.6x.21.i386.rpm sparc: ftp://updates.redhat.com/6.2/en/os/sparc/wu-ftpd-2.6.1-0.6x.21.sparc.rpm Red Hat Linux 7.0: SRPMS: ftp://updates.redhat.com/7.0/en/os/SRPMS/wu-ftpd-2.6.1-16.7x.1.src.rpm alpha: ftp://updates.redhat.com/7.0/en/os/alpha/wu-ftpd-2.6.1-16.7x.1.alpha.rpm i386: ftp://updates.redhat.com/7.0/en/os/i386/wu-ftpd-2.6.1-16.7x.1.i386.rpm Red Hat Linux 7.1: SRPMS: ftp://updates.redhat.com/7.1/en/os/SRPMS/wu-ftpd-2.6.1-16.7x.1.src.rpm alpha: ftp://updates.redhat.com/7.1/en/os/alpha/wu-ftpd-2.6.1-16.7x.1.alpha.rpm i386: ftp://updates.redhat.com/7.1/en/os/i386/wu-ftpd-2.6.1-16.7x.1.i386.rpm ia64: ftp://updates.redhat.com/7.1/en/os/ia64/wu-ftpd-2.6.1-16.7x.1.ia64.rpm Red Hat Linux 7.2: SRPMS: ftp://updates.redhat.com/7.2/en/os/SRPMS/wu-ftpd-2.6.1-20.src.rpm i386: ftp://updates.redhat.com/7.2/en/os/i386/wu-ftpd-2.6.1-20.i386.rpm 7. Verification: MD5 sum Package Name a33d4557c473b88cc7bed8718bd07a2f 6.2/en/os/SRPMS/wu-ftpd-2.6.1-0.6x.21.src.rpm
da84b22853f1048d45803ebeec8d061c 6.2/en/os/alpha/wu-ftpd-2.6.1-0.6x.21.alpha.rpm
281fa607c3f6479e369673cb9247d169 6.2/en/os/i386/wu-ftpd-2.6.1-0.6x.21.i386.rpm
20bf731056d48351d2194956f4762091 6.2/en/os/sparc/wu-ftpd-2.6.1-0.6x.21.sparc.rpm
52406d7ddd2c14c669a8c9203f99ac5c 7.0/en/os/SRPMS/wu-ftpd-2.6.1-16.7x.1.src.rpm
35315a5fa466beb3bdc26aa4fc1c872f 7.0/en/os/alpha/wu-ftpd-2.6.1-16.7x.1.alpha.rpm
c97683b85603d34853b3825c9b694f20 7.0/en/os/i386/wu-ftpd-2.6.1-16.7x.1.i386.rpm
52406d7ddd2c14c669a8c9203f99ac5c 7.1/en/os/SRPMS/wu-ftpd-2.6.1-16.7x.1.src.rpm
35315a5fa466beb3bdc26aa4fc1c872f 7.1/en/os/alpha/wu-ftpd-2.6.1-16.7x.1.alpha.rpm
c97683b85603d34853b3825c9b694f20 7.1/en/os/i386/wu-ftpd-2.6.1-16.7x.1.i386.rpm
56af9e1de2b3d532e1e4dce18636f6c4 7.1/en/os/ia64/wu-ftpd-2.6.1-16.7x.1.ia64.rpm
efd2a876ad8d7c4879d3eeaeeec7fcef 7.2/en/os/SRPMS/wu-ftpd-2.6.1-20.src.rpm
7306f24d3d7d518068c5e08959d43bdd 7.2/en/os/i386/wu-ftpd-2.6.1-20.i386.rpm These packages are GPG signed by Red Hat, Inc. for security. Our key
is available at: http://www.redhat.com/about/contact/pgpkey.html You can verify each package with the following command: rpm --checksig
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: November 21, 2001 Updated: November 27, 2001
Not Affected
SGI does not ship IRIX with WU-FTPd, so IRIX is not vulnerable to these issues.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: November 21, 2001 Updated: November 30, 2001
Affected
Sun [Solaris] does not ship WU-FTPD, thus Solaris is not affected by these issues. The only Sun Cobalt Server Appliance that is vulnerable to this exploit is the Qube1. The Qube1 is no longer a supported appliance, but we do understand the need of having updates available. The following RPM is not officially supported by Sun Cobalt, but offers legacy customers the ability to maintain a limited level of security. Qube1:
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: November 29, 2001
Affected
-----BEGIN PGP SIGNED MESSAGE----- SuSE Security Announcement Package: wuftpd
Announcement-ID: SuSE-SA:2001:043
Date: Wednesday, Nov. 28th, 2001 23:45 MET
Affected SuSE versions: 6.3, 6.4, 7.0, 7.1, 7.2, 7.3
Vulnerability Type: remote root compromise
Severity (1-10): 7
SuSE default package: no
Other affected systems: all liunx-like systems using wu-ftpd 2.4.x /
2.6.0 / 2.6.1 Content of this advisory: 1) security vulnerability resolved: wuftpd
problem description, discussion, solution and upgrade information
2) pending vulnerabilities, solutions, workarounds
3) standard appendix (further information) 1) problem description, brief discussion, solution, upgrade information The wuftpd package as shipped with SuSE Linux distributions comes with
two versions of wuftpd: wuftpd-2.4.2, installed as /usr/sbin/wuftpd,
and wuftpd-2.6.0, installed as /usr/sbin/wuftpd-2.6. The admin decides which version to use by the inetd/xinetd
configuration. The CORE ST Team had found an exploitable bug in all versions of wuftpd's
ftpglob() function. The glob function overwrites buffer bounds while matching open and closed
brackets. Due to a missing \0 at the end of the buffer a later call to a
function that frees allocated memory will feed free(3) with userdefined
data. This bug could be exploited depending on the implementation of
the dynmaic allocateable memory API (malloc(3), free(3)) in the libc
library. Linux and other system are exploitable! Some weeks ago, an internal source code audit of wu-ftpd 2.6.0 performed
by Thomas Biege, SuSE Security, revealed some other security related bugs
that are fixed in the new RPM packages. Additionally, code from wu-ftpd
2.6.1 were backported to version 2.6.0 to make it more stable. A temporary fix other than using a different server implementation of
the ftp protocol is not available. We recommend to update the wuftpd
package on your system. We thank the wuftpd team for their work on the bug, particularly because
the coordination between the vendors and the wuftpd developers lacked
the necessary discipline for the timely release of the information
about the problem. Please download the update package for your distribution and verify its
integrity by the methods listed in section 3) of this announcement. Then, install the package using the command "rpm -Uhv file.rpm" to apply
the update. i386 Intel Platform: SuSE-7.3
ftp://ftp.suse.com/pub/suse/i386/update/7.3/n2/wuftpd-2.6.0-344.i386.rpm
d1b549b8c2d91d66a8b35fe17a1943b3
source rpm: ftp://ftp.suse.com/pub/suse/i386/update/7.3/zq1/wuftpd-2.6.0-344.src.rpm
9ef0e6ac850499dc0150939c62bc146f SuSE-7.2
ftp://ftp.suse.com/pub/suse/i386/update/7.2/n2/wuftpd-2.6.0-344.i386.rpm
4583443a993107b26529331fb1e6254d
source rpm: ftp://ftp.suse.com/pub/suse/i386/update/7.2/zq1/wuftpd-2.6.0-344.src.rpm
aaee0343670feae70ccc9217a8e22211 SuSE-7.1
ftp://ftp.suse.com/pub/suse/i386/update/7.1/n2/wuftpd-2.6.0-346.i386.rpm
347a030a85cb5fcbe32d3d79d382e19e
source rpm: ftp://ftp.suse.com/pub/suse/i386/update/7.1/zq1/wuftpd-2.6.0-346.src.rpm
aa3e53641f6ce0263196e6f1cb0447c3 SuSE-7.0
ftp://ftp.suse.com/pub/suse/i386/update/7.0/n1/wuftpd-2.6.0-344.i386.rpm
e34eec18ecc10f187f6aa1aa3b24b75b
source rpm: ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/wuftpd-2.6.0-344.src.rpm
fafc8c2bbd68dd5ca3d04228433c359a SuSE-6.4
ftp://ftp.suse.com/pub/suse/i386/update/6.4/n1/wuftpd-2.6.0-344.i386.rpm
2354abe95b056762c7f6584449291ff2
source rpm: ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/wuftpd-2.6.0-344.src.rpm
507b8d484b13737c9d2b6a68fda0cc26 SuSE-6.3
ftp://ftp.suse.com/pub/suse/i386/update/6.3/n1/wuftpd-2.6.0-347.i386.rpm
9851ad02e656bba8b5e02ed2ddb46845
source rpm: ftp://ftp.suse.com/pub/suse/i386/update/6.3/zq1/wuftpd-2.6.0-347.src.rpm
5d7c4b6824836ca28b228cc5dcfc4fd6 Sparc Platform: SuSE-7.3
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n2/wuftpd-2.6.0-240.sparc.rpm
2d19e4ead17396a1e28fca8745f9629d
source rpm: ftp://ftp.suse.com/pub/suse/sparc/update/7.3/zq1/wuftpd-2.6.0-240.src.rpm
bdb0b5ddd72f8563db3c8e444a0df7f5 SuSE-7.1
ftp://ftp.suse.com/pub/suse/sparc/update/7.1/n2/wuftpd-2.6.0-242.sparc.rpm
f6b04f284bece6bf3700facccc015ffe
source rpm: ftp://ftp.suse.com/pub/suse/sparc/update/7.1/zq1/wuftpd-2.6.0-242.src.rpm
1660547ac9a5a3b32a4070d69803cf18 SuSE-7.0
ftp://ftp.suse.com/pub/suse/sparc/update/7.0/n1/wuftpd-2.6.0-241.sparc.rpm
1bd905b095b9a4bb354fc190b6e54a01
source rpm: ftp://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/wuftpd-2.6.0-241.src.rpm
597263eb7d0fbbf242d519d3c126a441 AXP Alpha Platform: SuSE-7.1
ftp://ftp.suse.com/pub/suse/axp/update/7.1/n2/wuftpd-2.6.0-252.alpha.rpm
e608bfd2cc9e511c6eb6932c33c68789
source rpm: ftp://ftp.suse.com/pub/suse/axp/update/7.1/zq1/wuftpd-2.6.0-252.src.rpm
34915af1ca79b27bad8bc2fd3a5cab05 SuSE-7.0
ftp://ftp.suse.com/pub/suse/axp/update/7.0/n1/wuftpd-2.6.0-251.alpha.rpm
86a7d8f60d76a053873bcc13860b0bbb
source rpm: ftp://ftp.suse.com/pub/suse/axp/update/7.0/zq1/wuftpd-2.6.0-251.src.rpm
9674f9f1630b3107ac22d275705da76e SuSE-6.4
ftp://ftp.suse.com/pub/suse/axp/update/6.4/n1/wuftpd-2.6.0-251.alpha.rpm
2501444a1e4241e8f6f4cdcc6fd133b0
source rpm: ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/wuftpd-2.6.0-251.src.rpm
34812d943900bdb902ad7edd40e1943f SuSE-6.3
ftp://ftp.suse.com/pub/suse/axp/update/6.3/n1/wuftpd-2.6.0-250.alpha.rpm
429a49ef9d4d0865fbb443c212b8a8c7
source rpm: ftp://ftp.suse.com/pub/suse/axp/update/6.3/zq1/wuftpd-2.6.0-250.src.rpm
76467dae0f460677ba80ec907eefca28 PPC Power PC Platform: SuSE-7.3
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n2/wuftpd-2.6.0-277.ppc.rpm
a381269b3e2fc43fda59e4d08aef57ae
source rpm: ftp://ftp.suse.com/pub/suse/ppc/update/7.3/zq1/wuftpd-2.6.0-277.src.rpm
7cacb696a88e57a843402a796212aee6 SuSE-7.1
ftp://ftp.suse.com/pub/suse/ppc/update/7.1/n2/wuftpd-2.6.0-277.ppc.rpm
bfc39be2c09323d96f974fdd0c73fda1
source rpm: ftp://ftp.suse.com/pub/suse/ppc/update/7.1/zq1/wuftpd-2.6.0-277.src.rpm
e2681b2ed4801ce14b5dfb926480ac51 SuSE-7.0
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/n1/wuftpd-2.6.0-279.ppc.rpm
19f989e637fd9b6fa652f8a4014bb7b1
source rpm: ftp://ftp.suse.com/pub/suse/ppc/update/7.0/zq1/wuftpd-2.6.0-279.src.rpm
76c493a915691c51a2481f0925e8ce39 SuSE-6.4
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/n1/wuftpd-2.6.0-278.ppc.rpm
ad29cf172bbd03a5e1f301cf6b9404e5
source rpm: ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/wuftpd-2.6.0-278.src.rpm
82338702692eba599d8c3d242aff3d1a 2) Pending vulnerabilities in SuSE Distributions and Workarounds: - ssh/openssh exploits
The wrong fix for the crc32-compensation attack is currently actively
exploited in the internet for both the ssh and the openssh
implementation of the ssh-1 protocol. We urge our users to upgrade their ssh or openssh packages to the
latest versions that are located on our ftp server at the usual
directories, referred to via
http://www.suse.de/de/support/security/adv004_ssh.txt from February
earlier this year. Please note, the packages for the SuSE Linux distributions 7.0 and
older containing cryptographic code are located on the German ftp
server ftp.suse.de, the distributions 7.1 and newer have their crypto
updates on ftp.suse.com. There are legal constraints beyond our
control that lead to this situation. Openssh packages of the version 2.9.9p2 ready to download on the ftp
server ftp.suse.com. They fix the security problems mentioned above,
along with a set of less serious security problems. The announcement is still pending while investigations about the
status of the package are in progress. - libgtop_daemon
The libgtop_daemon, part of the libgtop package for gathering and
monitoring process and system information, has been found vulnerable
to a format string error. We are in the process of providing fixes for
the affected distributions 6.4-7.3. In the meanwhile, we recommend to
disable the libgtop_daemon on systems where it is running. This daemon
is neither installed nor started (if installed) by default on SuSE
Systems. - kernel updates
A bug in the elf loader of the linux kernels version 2.4 from our
announcement SSA:2001:036 can cause a system to crash if a user
executes a vmlinux kernel image. We are preparing another update
series to workaround this problem and will re-issue the kernel
announcement as soon as possible. 3) standard appendix: SuSE runs two security mailing lists to which any interested party may
subscribe: suse-security@suse.com
- general/linux/SuSE security discussion. All SuSE security announcements are sent to this list. To subscribe, send an email to
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: February 04, 2002
Affected
Turbolinux Security Announcement Package : wu-ftpd
Vulnerable Packages: Versions previous to wu-ftpd-2.6.1-10
Date: Wed Jan 23 12:26:21 PST 2002 Affected Turbolinux versions: previous to wu-ftpd-2.6.1-10 Turbolinux Advisory ID#: TLSA2002002 Credits: http://www.debian.org/security/2001/dsa-087 A security hole was discovered in the package mentioned above. Please update the package in your installation as soon as possible. 1. Problem Summary CORE ST reports that an exploit has been found for a bug in the wu-ftpd
glob code. This is the code that handles filename wild card expansion. 2. Impact Any logged in user (including anonymous FTP users) can exploit the bug to
gain root privileges on the server. 3. Solution This has been corrected in version wu-ftpd-2.6.1-10 Update the package from our ftp server by running the following command: rpm -Uvh ftp://ftp.turbolinux.com/pub/updates/6.0/security/
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: November 20, 2001 Updated: November 30, 2001
Affected
The WU-FTPD Development Group has released a patch that addresses this issue in WU-FTPD 2.6.1:
WU-FTPD 2.6.2 is available and addresses this issue:The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.