SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   Kerberos Vendors:   Royal Institute of Technology
(Gentoo Issues Fix for Heimdal Kerberos ftpd) NetBSD ftpd Multiple Flaws Let Remote Users Gain Root Access
SecurityTracker Alert ID:  1011325
SecurityTracker URL:  http://securitytracker.com/id/1011325
CVE Reference:   CVE-2004-0794   (Links to External Site)
Date:  Sep 16 2004
Impact:   Root access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 0.6.3
Description:   Several vulnerabilities were reported in NetBSD's ftpd. A remote user can gain root access on the target system. The ftpd in Heimdal Kerberos is affected.

NetBSD reported that there are a series of flaws in ftpd. A remote user can exploit these flaws together to manipulate files on the target system with root privileges, leading to root access on the target system. No details were provided.

The vendor reports that since NetBSD 1.5.3, ftpd is disabled by default.

NetBSD credits Przemyslaw Frasunek with reporting this flaw.

Impact:   A remote user can gain root access on the target system.
Solution:   Gentoo has issued a fix and indicates that all Heimdal users should upgrade to the latest version:

# emerge sync

# emerge -pv ">=app-crypt/heimdal-0.6.3"
# emerge ">=app-crypt/heimdal-0.6.3"

Vendor URL:  www.pdc.kth.se/heimdal/advisory/2004-09-13/ (Links to External Site)
Cause:   Not specified
Underlying OS:  Linux (Gentoo)
Underlying OS Comments:  2.0 and prior versions

Message History:   This archive entry is a follow-up to the message listed below.
Aug 17 2004 NetBSD ftpd Multiple Flaws Let Remote Users Gain Root Access



 Source Message Contents

Subject:  [gentoo-announce] [ GLSA 200409-19 ] Heimdal: ftpd root escalation


--nextPart2772196.J905dLWCmD
Content-Type: text/plain;
  charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200409-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: Heimdal: ftpd root escalation
      Date: September 16, 2004
      Bugs: #61412
        ID: 200409-19

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Several bugs exist in the Heimdal ftp daemon which could allow a remote
attacker to gain root privileges.

Background
==========

Heimdal is an implementation of Kerberos 5.

Affected packages
=================

    -------------------------------------------------------------------
     Package            /  Vulnerable  /                    Unaffected
    -------------------------------------------------------------------
  1  app-crypt/heimdal       < 0.6.3                          >= 0.6.3

Description
===========

Przemyslaw Frasunek discovered several flaws in lukemftpd, which also
apply to Heimdal ftpd's out-of-band signal handling code.

Additionally, a potential vulnerability that could lead to Denial of
Service by the Key Distribution Center (KDC) has been fixed in this
version.

Impact
======

A remote attacker could be able to run arbitrary code with escalated
privileges, which can result in a total compromise of the server.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Heimdal users should upgrade to the latest version:

    # emerge sync

    # emerge -pv ">=app-crypt/heimdal-0.6.3"
    # emerge ">=app-crypt/heimdal-0.6.3"

References
==========

  [ 1 ] Heimdal advisory
        http://www.pdc.kth.se/heimdal/advisory/2004-09-13/
  [ 2 ] Advisory by Przemyslaw Frasunek
        http://www.frasunek.com/lukemftpd.txt
  [ 3 ] CAN-2004-0794
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0794

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200409-19.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2004 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/1.0

--nextPart2772196.J905dLWCmD
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQBBSUrHzKC5hMHO6rkRAml6AJ4+X+dyepLMGgEUwJvunoApyRQ9mwCfStB4
4ARnlGw735tX3FNyJ6vJ1Ms=
=rjaI
-----END PGP SIGNATURE-----

--nextPart2772196.J905dLWCmD--

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC