From info@calderasystems.com Thu Feb 18 19:18:23 1999
From: Caldera Systems Information
To: caldera-announce@rim.caldera.com
Date: Thu, 18 Feb 1999 17:50:39 -0700
Reply-To: info@caldera.com
Subject: SECURITY [CSSA-1999:004.0] -- Buffer overflow in wu-ftpd

______________________________________________________________________________
                Caldera Systems, Inc.  Security Advisory

Subject:                Buffer overflow in wu-ftpd
Advisory number:        CSSA-1999:004.0
Issue date:             1999 Feb 18
Cross reference:        none
______________________________________________________________________________

1. Problem Description

   There is a buffer overflow in wu-ftpd's handling of the MKD and DELE
   commands with a path name that, combined with the current directory,
   exceeds 1024 bytes.

   This can be exploited to gain root privileges.

2. Vulnerable Versions

   Systems:  OpenLinux 1.0, 1.1, 1.2, 1.3.
   Packages: < wu-ftpd-2.4.2b17-8.i386.rpm

3. Solutions

   The proper solution is to upgrade to the wu-ftpd-2.4.2b17-8 package.

4. Location of Fixed Packages

   The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.caldera.com/pub/OpenLinux/updates/1.3/current/RPMS/

   The corresponding source code package can be found at:

       ftp://ftp.caldera.com/pub/OpenLinux/updates/1.3/current/SRPMS

5. Installing Fixed Packages

   Upgrade the affected packages with the following commands:

       rpm -q wu-ftpd && rpm -U wu-ftpd-2.4.2b17-8.i386.rpm

6. Verification

   For instructions about verifying the authenticity of these packages
   refer to:

       http://www.calderasystems.com/news/security/verification.html

   The MD5 checksums (from the "md5sum" command) for these packages are:

       6b6b1217797ed1f71654eeaf7a3cc492  RPMS/wu-ftpd-2.4.2b17-8.i386.rpm
       20ad071a8cd2d1654fc911be099ff962  SRPMS/wu-ftpd-2.4.2b17-8.src.rpm

7. References

   This and other Caldera security resources are located at:

       http://www.calderasystems.com/news/security/index.html

   This security fix closes Caldera's internal Problem Report 4265.

8. Disclaimer

   Caldera Systems, Inc. is not responsible for the misuse of any of the
   information we provide on this website and/or through our security
   advisories. Our advisories are a service to our customers intended to
   promote secure installation and use of Caldera OpenLinux.
______________________________________________________________________________
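
Added illustration (not part of Caldera's advisory and not wu-ftpd source): the bug class from section 1, where a command argument is joined to the current directory in a 1024-byte buffer, shown next to a length-checked form. The function names, the PATH_BUF constant and the sample paths are assumptions made for this example.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#define PATH_BUF 1024   /* limit named in the advisory */

/* Unsafe pattern (constructed, not wu-ftpd source): cwd and arg may each
 * fit, but nothing checks their combined length. Never called here. */
void join_unchecked(char *dst, const char *cwd, const char *arg)
{
    strcpy(dst, cwd);
    strcat(dst, "/");
    strcat(dst, arg);   /* writes past dst once the total reaches PATH_BUF */
}

/* Hardened form: size the result first and refuse the command rather than
 * overflow or truncate. Returns 0, or -1 with errno = ENAMETOOLONG. */
int join_checked(char *dst, size_t dstlen, const char *cwd, const char *arg)
{
    size_t cwdlen, arglen = strlen(arg), sep;
    if (arg[0] == '/')  /* absolute argument: cwd is not prepended */
        cwd = "";
    cwdlen = strlen(cwd);
    sep = (cwdlen > 0 && cwd[cwdlen - 1] != '/');
    if (cwdlen + sep + arglen + 1 > dstlen) {   /* +1 for the NUL */
        errno = ENAMETOOLONG;
        return -1;
    }
    memcpy(dst, cwd, cwdlen);
    if (sep) dst[cwdlen] = '/';
    memcpy(dst + cwdlen + sep, arg, arglen + 1);
    return 0;
}

/* Constructed input: a cwd of cwd_len bytes and a relative name of arg_len. */
int try_lengths(size_t cwd_len, size_t arg_len)
{
    char cwd[PATH_BUF], arg[PATH_BUF], out[PATH_BUF];
    if (cwd_len < 1 || cwd_len >= PATH_BUF || arg_len >= PATH_BUF)
        return -2;
    memset(cwd, 'a', cwd_len); cwd[0] = '/'; cwd[cwd_len] = '\0';
    memset(arg, 'b', arg_len); arg[arg_len] = '\0';
    return join_checked(out, sizeof out, cwd, arg);
}

int main(void)
{
    printf("600+600 -> %d, 500+500 -> %d\n", try_lengths(600, 600), try_lengths(500, 500));
    return 0;
}
```

Each 600-byte part fits in the buffer by itself; only the combined-length check rejects the pair, which is the condition the advisory describes.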