[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
PISA-18_NOV_99_003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
.------------------------------------------------.
|**** Project Independence Security Advisory ****|
`-----------* ID: PISA-18-NOV-99-003 *-----------'
Issued by: David Webster <cognition@bigfoot.com>
Issue Date: 18-NOV-99
Overview: Security problems in WU-FTPD
Affected: Independence Release 6.0-0.8 (Redhat 6.0)
References: RedHat Security Advisory; RHSA-1999:043-01
CERT Advisory CA-99-13 Multiple Vulnerabilities in WU-FTPD;
http://www.cert.org
AUSCERT Advisory AA-1999.01;
ftp://www.auscert.org.au/security/advisory/AA-1999.01.wu-ftpd.mapping_chdir.vul
AUSCERT Advisory AA-1999.02;
ftp://www.auscert.org.au/security/advisory/AA-1999.02.multi.wu-ftpd.vuls
-=-=-==-=-=-
Detailed Problem Description:
Three vulnerabilities have been identified in WU-FTPD and other
ftp daemons based on the WU-FTPD source code.
Vulnerability #1: MAPPING_CHDIR Buffer Overflow
Vulnerability #2: Message File Buffer Overflow
Remote and local intruders may be able exploit these
vulnerabilities to execute arbitrary code as the user
running the ftpd daemon, usually root.
Vulnerability #3: SITE NEWER Consumes Memory
Remote and local intruders who can connect to the FTP
server can cause the server to consume excessive amounts
of memory, preventing normal system operation. If intruders
can create files on the system, they may be able exploit
this vulnerability to execute arbitrary code as the user
running the ftpd daemon, usually root.
Solution:
Update the affected RPM packages by downloading and
installing the RPMs listed below. For each RPM, run:
root# rpm -Uvh <filename>
where <filename> is the name of the RPM.
[Note: You need only install EITHER the compiled RPM,
(*.i386.rpm) OR the source RPM, (*.src.rpm), NOT both.]
RPMs:
ftp://updates.redhat.com//6.0/i386/wu-ftpd-2.6.0-1.i386.rpm
Source RPMs:
ftp://updates.redhat.com//6.0/SRPMS/wu-ftpd-2.6.0-1.src.rpm
Verification:
MD5 sum Package Name
- --------------------------------------------------------------------------
dcd5d04df11849007aa3c4fb398cfbfb i386/wu-ftpd-2.6.0-1.i386.rpm
7e30ea42e82908752b943621580f6f1c SRPMS/wu-ftpd-2.6.0-1.src.rpm
- --------------------------------------------------------------------------
These packages are GPG signed by Red Hat, Inc. for security.
Their key is available at: http://www.redhat.com/corp/contact.html
You can verify each package with the following command:
rpm --checksig <filename>
If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
rpm --checksig --nogpg <filename>
This security advisory, and all future ones should be signed by me,
David Webster (aka cognition), with key ID: 45 FA C2 83
Which is avaliable from: [http://www.cognite.net/pgp.html],
and most good pgp key servers.
An archive of these messages can be currently be found on:
http://www.cognite.net/indy/
A process of automatic retrival is being worked on.
[Note: these problems were discovered, and fixed by RedHat.]
.---------------------------------------------------.
| And problems regarding this, or future advisories |
| should be emailed to me: <cognition@bigfoot.com> |
`---------------------------------------------------'
-----BEGIN PGP SIGNATURE-----
Comment: David Webster (aka cogNiTioN) <http://www.cognite.net/>
iD8DBQE4OX2ODdLNO0X6woMRAgwdAJ4q3/I394Jy/FoqFYtgaMaY3EownQCeKoqf
u2kHJyObvqud1hNP0GyPuQ0=
=uWm4
-----END PGP SIGNATURE-----