.------------------------------------------------.
|**** Project Independence Security Advisory ****|
`-----------* ID: PISA-18-NOV-99-003 *-----------'

Issued by:  David Webster
Issue Date: 18-NOV-99

Overview:   Security problems in WU-FTPD
Affected:   Independence Release 6.0-0.8 (RedHat 6.0)

References: RedHat Security Advisory; RHSA-1999:043-01
            CERT Advisory CA-99-13 Multiple Vulnerabilities in WU-FTPD;
              http://www.cert.org
            AUSCERT Advisory AA-1999.01;
              ftp://www.auscert.org.au/security/advisory/AA-1999.01.wu-ftpd.mapping_chdir.vul
            AUSCERT Advisory AA-1999.02;
              ftp://www.auscert.org.au/security/advisory/AA-1999.02.multi.wu-ftpd.vuls

-=-=-==-=-=-

Detailed Problem Description:

Three vulnerabilities have been identified in WU-FTPD and in other ftp
daemons based on the WU-FTPD source code.

Vulnerability #1: MAPPING_CHDIR Buffer Overflow
Vulnerability #2: Message File Buffer Overflow

    Remote and local intruders may be able to exploit these vulnerabilities
    to execute arbitrary code as the user running the ftpd daemon, usually
    root.

Vulnerability #3: SITE NEWER Consumes Memory

    Remote and local intruders who can connect to the FTP server can cause
    the server to consume excessive amounts of memory, preventing normal
    system operation. If intruders can create files on the system, they may
    be able to exploit this vulnerability to execute arbitrary code as the
    user running the ftpd daemon, usually root.

Solution:

Update the affected RPM packages by downloading and installing the RPMs
listed below. For each RPM, run:

    root# rpm -Uvh <filename>

where <filename> is the name of the RPM.

[Note: You need only install EITHER the compiled RPM (*.i386.rpm) OR the
source RPM (*.src.rpm), NOT both.]

RPMs:
  http://independence.seul.org/security/1999/rpms/wu-ftp-2.6.0-1.i386.rpm
  ftp://updates.redhat.com//6.0/i386/wu-ftpd-2.6.0-1.i386.rpm

Source RPMs:
  http://independence.seul.org/security/1999/rpms/wu-ftp-2.6.0-1.src.rpm
  ftp://updates.redhat.com//6.0/SRPMS/wu-ftpd-2.6.0-1.src.rpm

Verification:

MD5 sum                           Package Name
--------------------------------------------------------------------------
dcd5d04df11849007aa3c4fb398cfbfb  i386/wu-ftpd-2.6.0-1.i386.rpm
7e30ea42e82908752b943621580f6f1c  SRPMS/wu-ftpd-2.6.0-1.src.rpm
--------------------------------------------------------------------------

These packages are GPG signed by Red Hat, Inc. for security. Their key is
available at:

    http://www.redhat.com/corp/contact.html

You can verify each package with the following command:

    rpm --checksig <filename>

If you only wish to verify that each package has not been corrupted in
transit, examine only the md5sum with the following command:

    rpm --checksig --nogpg <filename>

Note that the MD5 check on its own detects corruption but does not prove
where the package came from; only the GPG signature check does that. Use
the full rpm --checksig, and also confirm that the MD5 sums of the files
you downloaded match the table above.

This security advisory, and all future ones, should be signed by me, David
Webster (aka cognition), with key ID: 45 FA C2 83, which is available from:

    http://www.cognite.net/pgp.html

and from most good PGP key servers.

An archive of these messages can currently be found at:

    http://www.cognite.net/indy/

A process of automatic retrieval is being worked on.

[Note: these problems were discovered and fixed by RedHat.]

.---------------------------------------------------.
| Any problems regarding this, or future advisories |
| should be emailed to me:                          |
`---------------------------------------------------'
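The verification steps above, worked through as a script. This is an added example and not part of the original advisory or of Red Hat's packaging tools: the MD5 sums table is copied from the advisory's Verification section, while the function names, the expected i386/ and SRPMS/ directory layout under the download directory, and the sample file used in the usage comments are this example's own assumptions.

```sh
#!/bin/sh
# Added example (not from the Project Independence advisory or Red Hat):
# check downloaded wu-ftpd RPMs against the MD5 sums the advisory publishes,
# then let rpm verify the GPG signature before the package is installed.
# Assumed: packages sit under DIR in the same i386/ and SRPMS/ layout as
# updates.redhat.com; function names are this example's own.

# md5_of FILE -> prints the hex MD5 of FILE with whichever tool is present.
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | awk '{print $1}'
    elif command -v md5 >/dev/null 2>&1; then
        md5 -q "$1"
    else
        openssl dgst -md5 "$1" | awk '{print $NF}'
    fi
}

# verify_md5 FILE EXPECTED -> 0 if FILE's MD5 equals EXPECTED, 1 on a
# mismatch, 2 if FILE does not exist. Hex case is ignored.
verify_md5() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "MISSING $file" >&2; return 2; }
    actual=$(md5_of "$file" | tr 'A-F' 'a-f')
    if [ "$actual" = "$expected" ]; then
        echo "OK      $file"
        return 0
    fi
    echo "FAIL    $file: advisory says $expected, file has $actual" >&2
    return 1
}

# Sums exactly as listed in the advisory's Verification table.
ADVISORY_SUMS='
dcd5d04df11849007aa3c4fb398cfbfb i386/wu-ftpd-2.6.0-1.i386.rpm
7e30ea42e82908752b943621580f6f1c SRPMS/wu-ftpd-2.6.0-1.src.rpm
'

# check_advisory_packages DIR -> verifies each package from the table that is
# present under DIR. Returns 0 only if at least one package was found and
# none of them failed. A here-document (not a pipe) feeds the loop so the
# counters survive in POSIX sh.
check_advisory_packages() {
    dir=$1
    found=0
    failed=0
    while read -r sum name; do
        [ -n "$sum" ] || continue
        [ -f "$dir/$name" ] || continue
        found=$((found + 1))
        verify_md5 "$dir/$name" "$sum" || failed=$((failed + 1))
    done <<EOF
$ADVISORY_SUMS
EOF
    [ "$found" -gt 0 ] && [ "$failed" -eq 0 ]
}

# install_verified FILE -> the advisory's install step guarded by the full
# signature check. --checksig without --nogpg verifies Red Hat's GPG
# signature as well as the digest; --nogpg alone would only catch corruption.
# Needs root and Red Hat's public key where rpm/gpg can find it.
install_verified() {
    rpm --checksig "$1" || { echo "signature check failed for $1" >&2; return 1; }
    rpm -Uvh "$1"
}

# Usage: sh verify-wuftpd.sh /path/to/downloads   (with i386/ and SRPMS/ below it)
# Then, for each package that reported OK: install_verified /path/to/downloads/i386/wu-ftpd-2.6.0-1.i386.rpm
if [ $# -gt 0 ]; then
    check_advisory_packages "$1" || exit 1
fi
```

The MD5 comparison only shows that the file you hold is the one the advisory describes; an attacker able to alter both the package and an unsigned copy of the advisory could satisfy it, which is why rpm --checksig with the GPG signature enabled, not --nogpg, is the check that establishes origin.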