SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (File Transfer/Sharing)  >   Wu-ftpd Vendors:   WU-FTPD Development Group
WU-FTPD File Globbing Character Bug Allows Remote Users to Obtain Root-Level Privileges on the Server
SecurityTracker Alert ID:  1002833
SecurityTracker URL:  http://securitytracker.com/id/1002833
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Updated:  Nov 28 2001
Original Entry Date:  Nov 28 2001
Impact:   Execution of arbitrary code via network, Root access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2.6.1-18 and prior
Description:   Red Hat reported a vulnerability in the WU-FTPD FTP server. An error in expanding (globbing) file names may allow remote users to execute arbitrary code on the FTP server.

It is reported that a remote user with access to an FTP server account (including anonymous access) can specify a "file globbing" pattern where the server will attempt to find matching files based on the pattern. If a malformed globbing pattern is used, the remote user can trigger the vulnerability and cause the process to overwrite memory that was not properly allocated, creating a heap overwrite condition. This may allow the remote user to execute arbitrary code on the server with the privileges of the FTP server (which is typically root level privileges).

If the globbing pattern is '~{', the error can be triggered.
Impact:   A remote user with access to the FTP server, including anonymous access, can execute arbitrary code on the server with the permissions of the FTP server (which is typically root level privileges).
Solution:   Red Hat has released a fixed WU-FTPD package. Other vendors are expected to release patches shortly.

Red Hat Linux 6.2:

SRPMS:
ftp://updates.redhat.com/6.2/en/os/SRPMS/wu-ftpd-2.6.1-0.6x.21.src.rpm

alpha:
ftp://updates.redhat.com/6.2/en/os/alpha/wu-ftpd-2.6.1-0.6x.21.alpha.rpm

i386:
ftp://updates.redhat.com/6.2/en/os/i386/wu-ftpd-2.6.1-0.6x.21.i386.rpm

sparc:
ftp://updates.redhat.com/6.2/en/os/sparc/wu-ftpd-2.6.1-0.6x.21.sparc.rpm

Red Hat Linux 7.0:

SRPMS:
ftp://updates.redhat.com/7.0/en/os/SRPMS/wu-ftpd-2.6.1-16.7x.1.src.rpm

alpha:
ftp://updates.redhat.com/7.0/en/os/alpha/wu-ftpd-2.6.1-16.7x.1.alpha.rpm

i386:
ftp://updates.redhat.com/7.0/en/os/i386/wu-ftpd-2.6.1-16.7x.1.i386.rpm

Red Hat Linux 7.1:

SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/wu-ftpd-2.6.1-16.7x.1.src.rpm

alpha:
ftp://updates.redhat.com/7.1/en/os/alpha/wu-ftpd-2.6.1-16.7x.1.alpha.rpm

i386:
ftp://updates.redhat.com/7.1/en/os/i386/wu-ftpd-2.6.1-16.7x.1.i386.rpm

ia64:
ftp://updates.redhat.com/7.1/en/os/ia64/wu-ftpd-2.6.1-16.7x.1.ia64.rpm

Red Hat Linux 7.2:

SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/wu-ftpd-2.6.1-20.src.rpm

i386:
ftp://updates.redhat.com/7.2/en/os/i386/wu-ftpd-2.6.1-20.i386.rpm

The verification checksums are:

MD5 sum Package Name
--------------------------------------------------------------------------
a33d4557c473b88cc7bed8718bd07a2f 6.2/en/os/SRPMS/wu-ftpd-2.6.1-0.6x.21.src.rpm
da84b22853f1048d45803ebeec8d061c 6.2/en/os/alpha/wu-ftpd-2.6.1-0.6x.21.alpha.rpm
281fa607c3f6479e369673cb9247d169 6.2/en/os/i386/wu-ftpd-2.6.1-0.6x.21.i386.rpm
20bf731056d48351d2194956f4762091 6.2/en/os/sparc/wu-ftpd-2.6.1-0.6x.21.sparc.rpm
52406d7ddd2c14c669a8c9203f99ac5c 7.0/en/os/SRPMS/wu-ftpd-2.6.1-16.7x.1.src.rpm
35315a5fa466beb3bdc26aa4fc1c872f 7.0/en/os/alpha/wu-ftpd-2.6.1-16.7x.1.alpha.rpm
c97683b85603d34853b3825c9b694f20 7.0/en/os/i386/wu-ftpd-2.6.1-16.7x.1.i386.rpm
52406d7ddd2c14c669a8c9203f99ac5c 7.1/en/os/SRPMS/wu-ftpd-2.6.1-16.7x.1.src.rpm
35315a5fa466beb3bdc26aa4fc1c872f 7.1/en/os/alpha/wu-ftpd-2.6.1-16.7x.1.alpha.rpm
c97683b85603d34853b3825c9b694f20 7.1/en/os/i386/wu-ftpd-2.6.1-16.7x.1.i386.rpm
56af9e1de2b3d532e1e4dce18636f6c4 7.1/en/os/ia64/wu-ftpd-2.6.1-16.7x.1.ia64.rpm
efd2a876ad8d7c4879d3eeaeeec7fcef 7.2/en/os/SRPMS/wu-ftpd-2.6.1-20.src.rpm
7306f24d3d7d518068c5e08959d43bdd 7.2/en/os/i386/wu-ftpd-2.6.1-20.i386.rpm
Vendor URL:  www.wu-ftpd.org/ (Links to External Site)
Cause:   Boundary error, Exception handling error
Underlying OS:   Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
(A User Provides a Generic Patch) Re: WU-FTPD File Globbing Character Bug Allows Remote Users to Obtain Root-Level Privileges on the Server   (Mark Canter <marcus@doutlets.com>)
A user has provided a generic patch.
(SuSE Issues Fix) Re: WU-FTPD File Globbing Character Bug Allows Remote Users to Obtain Root-Level Privileges on the Server   (Roman Drahtmueller <draht@suse.de>)
SuSE has issued a fix.
(Caldera Issues Fix) WU-FTPD File Globbing Character Bug Allows Remote Users to Obtain Root-Level Privileges on the Server   (Support Info <supinfo@caldera.com>)
The vendor has released a fix.
(Core Advisory Contains Details) Re: WU-FTPD File Globbing Character Bug Allows Remote Users to Obtain Root-Level Privileges on the Server   (Rain Forest Puppy <rfp@vulnwatch.org>)
Core Security issued an advisory containing details about the vulnerability.
(Immunix Issues Fix) WU-FTPD File Globbing Character Bug Allows Remote Users to Obtain Root-Level Privileges on the Server   (Immunix Security Team <security@wirex.com>)
The vendor has released a fix.
(Conectiva Issues Fix) WU-FTPD File Globbing Character Bug Allows Remote Users to Obtain Root-Level Privileges on the Server   (secure@conectiva.com.br)
Conectiva has released a fix.
(Mandrake Issues Fix) WU-FTPD File Globbing Character Bug Allows Remote Users to Obtain Root-Level Privileges on the Server   (Linux Mandrake Security Team <security@linux-mandrake.com>)
Mandrake has released a fix.
(Immunix Issues Fix) WU-FTPD File Globbing Character Bug Allows Remote Users to Obtain Root-Level Privileges on the Server   (Immunix Security Team <security@wirex.com>)
Immunix has released a fix.
(Conectiva Issues Updated Fix) WU-FTPD File Globbing Character Bug Allows Remote Users to Obtain Root-Level Privileges on the Server   (secure@conectiva.com.br)
Conectiva has released an updated fix.
(Caldera Releases Fix for Open UNIX/UnixWare) Re: WU-FTPD File Globbing Character Bug Allows Remote Users to Obtain Root-Level Privileges on the Server
Caldera has released a fix for Open UNIX and UnixWare.
(Debian Issues Fix) WU-FTPD File Globbing Character Bug Allows Remote Users to Obtain Root-Level Privileges on the Server   (Wichert Akkerman <wichert@wiggy.net>)
The vendor has released a fix.
(FreeBSD Issues Fix) WU-FTPD File Globbing Character Bug Allows Remote Users to Obtain Root-Level Privileges on the Server   (FreeBSD Security Advisories <security-advisories@FreeBSD.ORG>)
The vendor has released a fix for FreeBSD.
(Caldera Releases Fix for OpenServer) Re: WU-FTPD File Globbing Character Bug Allows Remote Users to Obtain Root-Level Privileges on the Server
The vendor has released a fix for OpenServer.
(HP Issues Fix) WU-FTPD File Globbing Character Bug Allows Remote Users to Obtain Root-Level Privileges on the Server   (support_feedback@us-support.external.hp.com (IT Resource Center ))
The vendor has released a fix for HP/UX.
(Turbolinux Issues Fix) WU-FTPD File Globbing Character Bug Allows Remote Users to Obtain Root-Level Privileges on the Server   (Turbolinux <security@turbolinux.com>)
The vendor has released a fix.
(Caldera Issues Revised Fix for UnixWare/Open UNIX) WU-FTPD File Globbing Character Bug Allows Remote Users to Obtain Root-Level Privileges on the Server   (security@caldera.com)
The vendor has released a revised fix for UnixWare/Open UNIX.


 Source Message Contents
Date:  Tue, 27 Nov 2001 18:37 -0500
Subject:  [RHSA-2001:157-06] Updated wu-ftpd packages are available


---------------------------------------------------------------------
                   Red Hat, Inc. Red Hat Security Advisory

Synopsis:          Updated wu-ftpd packages are available
Advisory ID:       RHSA-2001:157-06
Issue date:        2001-11-20
Updated on:        2001-11-26
Product:           Red Hat Linux
Keywords:          wu-ftpd buffer overrun glob ftpglob
Cross references:  
Obsoletes:         RHSA-2000:039
---------------------------------------------------------------------

1. Topic:

Updated wu-ftpd packages are available to fix an overflowable buffer.

2. Relevant releases/architectures:

Red Hat Linux 6.2 - alpha, i386, sparc

Red Hat Linux 7.0 - alpha, i386

Red Hat Linux 7.1 - alpha, i386, ia64

Red Hat Linux 7.2 - i386

3. Problem description:

An overflowable buffer exists in earlier versions of wu-ftpd.
An attacker could gain access to the machine by sending malicious 
commands.

It is recommended that all users of wu-ftpd upgrade to the lastest
version.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which are
not installed but included in the list will not be updated.  Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network.  Many
people find this an easier way to apply updates.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):



6. RPMs required:

Red Hat Linux 6.2:

SRPMS:
ftp://updates.redhat.com/6.2/en/os/SRPMS/wu-ftpd-2.6.1-0.6x.21.src.rpm

alpha:
ftp://updates.redhat.com/6.2/en/os/alpha/wu-ftpd-2.6.1-0.6x.21.alpha.rpm

i386:
ftp://updates.redhat.com/6.2/en/os/i386/wu-ftpd-2.6.1-0.6x.21.i386.rpm

sparc:
ftp://updates.redhat.com/6.2/en/os/sparc/wu-ftpd-2.6.1-0.6x.21.sparc.rpm

Red Hat Linux 7.0:

SRPMS:
ftp://updates.redhat.com/7.0/en/os/SRPMS/wu-ftpd-2.6.1-16.7x.1.src.rpm

alpha:
ftp://updates.redhat.com/7.0/en/os/alpha/wu-ftpd-2.6.1-16.7x.1.alpha.rpm

i386:
ftp://updates.redhat.com/7.0/en/os/i386/wu-ftpd-2.6.1-16.7x.1.i386.rpm

Red Hat Linux 7.1:

SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/wu-ftpd-2.6.1-16.7x.1.src.rpm

alpha:
ftp://updates.redhat.com/7.1/en/os/alpha/wu-ftpd-2.6.1-16.7x.1.alpha.rpm

i386:
ftp://updates.redhat.com/7.1/en/os/i386/wu-ftpd-2.6.1-16.7x.1.i386.rpm

ia64:
ftp://updates.redhat.com/7.1/en/os/ia64/wu-ftpd-2.6.1-16.7x.1.ia64.rpm

Red Hat Linux 7.2:

SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/wu-ftpd-2.6.1-20.src.rpm

i386:
ftp://updates.redhat.com/7.2/en/os/i386/wu-ftpd-2.6.1-20.i386.rpm



7. Verification:

MD5 sum                          Package Name
--------------------------------------------------------------------------
a33d4557c473b88cc7bed8718bd07a2f 6.2/en/os/SRPMS/wu-ftpd-2.6.1-0.6x.21.src.rpm
da84b22853f1048d45803ebeec8d061c 6.2/en/os/alpha/wu-ftpd-2.6.1-0.6x.21.alpha.rpm
281fa607c3f6479e369673cb9247d169 6.2/en/os/i386/wu-ftpd-2.6.1-0.6x.21.i386.rpm
20bf731056d48351d2194956f4762091 6.2/en/os/sparc/wu-ftpd-2.6.1-0.6x.21.sparc.rpm
52406d7ddd2c14c669a8c9203f99ac5c 7.0/en/os/SRPMS/wu-ftpd-2.6.1-16.7x.1.src.rpm
35315a5fa466beb3bdc26aa4fc1c872f 7.0/en/os/alpha/wu-ftpd-2.6.1-16.7x.1.alpha.rpm
c97683b85603d34853b3825c9b694f20 7.0/en/os/i386/wu-ftpd-2.6.1-16.7x.1.i386.rpm
52406d7ddd2c14c669a8c9203f99ac5c 7.1/en/os/SRPMS/wu-ftpd-2.6.1-16.7x.1.src.rpm
35315a5fa466beb3bdc26aa4fc1c872f 7.1/en/os/alpha/wu-ftpd-2.6.1-16.7x.1.alpha.rpm
c97683b85603d34853b3825c9b694f20 7.1/en/os/i386/wu-ftpd-2.6.1-16.7x.1.i386.rpm
56af9e1de2b3d532e1e4dce18636f6c4 7.1/en/os/ia64/wu-ftpd-2.6.1-16.7x.1.ia64.rpm
efd2a876ad8d7c4879d3eeaeeec7fcef 7.2/en/os/SRPMS/wu-ftpd-2.6.1-20.src.rpm
7306f24d3d7d518068c5e08959d43bdd 7.2/en/os/i386/wu-ftpd-2.6.1-20.i386.rpm
 

These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:
    http://www.redhat.com/about/contact/pgpkey.html

You can verify each package with the following command:
    rpm --checksig  <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg <filename>

8. References:




Copyright(c) 2000, 2001 Red Hat, Inc.


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2013, SecurityGlobal.net LLC