From security@caldera.com Sun Feb 17 12:21:09 2002 From: security@caldera.com To: bugtraq@securityfocus.com, announce@lists.caldera.com, scoannmod@xenitec.on.ca Date: Thu, 14 Feb 2002 14:36:31 -0800 Subject: Security Update: [CSSA-2001-SCO.36.2] REVISED: Open UNIX, UnixWare 7: wu-ftpd ftpglob() vulnerability To: bugtraq@securityfocus.com announce@lists.caldera.com scoannmod@xenitec.on.ca ___________________________________________________________________________ Caldera International, Inc. Security Advisory Subject: REVISED: Open UNIX, UnixWare 7: wu-ftpd ftpglob() vulnerability Advisory number: CSSA-2001-SCO.36.2 Issue date: 2002 February 14 Cross reference: CSSA-2001-SCO.36, CSSA-2001-SCO.36.1 ___________________________________________________________________________ 1. Problem Description [ The CSSA-2001-SCO.36.1 version of this fix did not handle deep recursion of directory hierarchies well ] [ The CSSA-2001-SCO.36 version of this fix did not handle braces "{" or "}" well ] A vulnerability in the wu-ftpd ftpglob() function was found by the CORE ST team. This vulnerability may be exploited to obtain root access on the ftp server. An nlist with a deeply recursive argument in an ftpd session consumes a very large amount of disk and CPU resources on the server, thus constituting a denial of service attack. 2. Vulnerable Versions Operating System Version Affected Files ------------------------------------------------------------------ UnixWare 7 All /usr/sbin/in.ftpd Open UNIX 8.0.0 /usr/sbin/in.ftpd 3. Workaround None. 4. UnixWare 7, Open UNIX 8 4.1 Location of Fixed Binaries ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.36.2/ 4.2 Verification md5 checksums: MD5 (erg501215b.Z) = 5dc14febd11a88e1b58dfba93f033ea8 md5 is available for download from ftp://stage.caldera.com/pub/security/tools/ 4.3 Installing Fixed Binaries Upgrade the affected binaries with the following commands: Download erg501215b.Z to /tmp # uncompress /tmp/erg501215b.Z # pkgadd -d /tmp/erg501215b 5. References CORE-20011001: Wu-FTP glob heap corruption vulnerability http://www.corest.com CERT Advisory CA-2001-33 Multiple Vulnerabilities in WU-FTPD http://www.cert.org http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0550 This and other advisories are located at http://stage.caldera.com/support/security This advisory addresses Caldera Security internal incidents sr856023, fz519403, erg711908, erg501215. 6. Disclaimer Caldera International, Inc. is not responsible for the misuse of any of the information we provide on our website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of Caldera International products. 7. Acknowledgements This vulnerability was originally reported by Matt Power of BindView on the vuln-dev mailing list. ___________________________________________________________________________ [Part 2, Application/PGP-SIGNATURE 245bytes] [Unable to print this part]