[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

PISA-18_NOV_99_003



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

              .------------------------------------------------.
              |**** Project Independence Security Advisory ****|
              `-----------* ID: PISA-18-NOV-99-003 *-----------'
               Issued by: David Webster <cognition@bigfoot.com>

Issue Date: 18-NOV-99

Overview: Security problems in WU-FTPD

Affected: Independence Release 6.0-0.8 (Redhat 6.0)

References: RedHat Security Advisory; RHSA-1999:043-01
	    CERT Advisory CA-99-13 Multiple Vulnerabilities in WU-FTPD;
	    http://www.cert.org
	    AUSCERT Advisory AA-1999.01;
ftp://www.auscert.org.au/security/advisory/AA-1999.01.wu-ftpd.mapping_chdir.vul
	    AUSCERT Advisory AA-1999.02;
ftp://www.auscert.org.au/security/advisory/AA-1999.02.multi.wu-ftpd.vuls

                                  -=-=-==-=-=-

Detailed Problem Description:

	Three vulnerabilities have been identified in WU-FTPD and other
	ftp daemons based on the WU-FTPD source code.

	Vulnerability #1: MAPPING_CHDIR Buffer Overflow
	Vulnerability #2: Message File Buffer Overflow

   		Remote and local intruders may be able exploit these
		vulnerabilities to execute arbitrary code as the user
		running the ftpd daemon, usually root.

	Vulnerability #3: SITE NEWER Consumes Memory

		Remote and local intruders who can connect to the FTP
		server can cause the server to consume excessive amounts
		of memory, preventing normal system operation. If intruders
		can create files on the system, they may be able exploit
		this vulnerability to execute arbitrary code as the user
		running the ftpd daemon, usually root.

Solution:

	Update the affected RPM packages by downloading and
	installing the RPMs listed below. For each RPM, run:

		root# rpm -Uvh <filename>

	where <filename> is the name of the RPM.

	[Note: You need only install EITHER the compiled RPM,
	(*.i386.rpm) OR the source RPM, (*.src.rpm), NOT both.]

RPMs:

  ftp://updates.redhat.com//6.0/i386/wu-ftpd-2.6.0-1.i386.rpm

Source RPMs:

  ftp://updates.redhat.com//6.0/SRPMS/wu-ftpd-2.6.0-1.src.rpm

Verification:

MD5 sum                           Package Name
- --------------------------------------------------------------------------
dcd5d04df11849007aa3c4fb398cfbfb  i386/wu-ftpd-2.6.0-1.i386.rpm
7e30ea42e82908752b943621580f6f1c  SRPMS/wu-ftpd-2.6.0-1.src.rpm
- --------------------------------------------------------------------------

These packages are GPG signed by Red Hat, Inc. for security.
Their key is available at: http://www.redhat.com/corp/contact.html

You can verify each package with the following command:
    rpm --checksig  <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg <filename>

This security advisory, and all future ones should be signed by me,
David Webster (aka cognition), with key ID: 45 FA C2 83

Which is avaliable from: [http://www.cognite.net/pgp.html],
			 and most good pgp key servers.

An archive of these messages can be currently be found on:
http://www.cognite.net/indy/

A process of automatic retrival is being worked on.

[Note: these problems were discovered, and fixed by RedHat.]

	.---------------------------------------------------.
	| And problems regarding this, or future advisories |
	| should be emailed to me: <cognition@bigfoot.com>  |
	`---------------------------------------------------'
-----BEGIN PGP SIGNATURE-----
Comment: David Webster (aka cogNiTioN) <http://www.cognite.net/>

iD8DBQE4OX2ODdLNO0X6woMRAgwdAJ4q3/I394Jy/FoqFYtgaMaY3EownQCeKoqf
u2kHJyObvqud1hNP0GyPuQ0=
=uWm4
-----END PGP SIGNATURE-----