<<< Date Index >>>     <<< Thread Index >>>

OpenServer 5.0.7 OpenServer 5.0.6 OpenServer 5.0.5 : wu-ftpd fb_realpath() off-by-one bug



To: bugtraq@xxxxxxxxxxxxxxxxx announce@xxxxxxxxxxxxxxxxx 
full-disclosure@xxxxxxxxxxxxxxxx

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

                        SCO Security Advisory

Subject:                OpenServer 5.0.7 OpenServer 5.0.6 OpenServer 5.0.5 : 
wu-ftpd fb_realpath() off-by-one bug
Advisory number:        CSSA-2003-SCO.20
Issue date:             2003 September 18
Cross reference:        sr882339 fz528115 erg712363
______________________________________________________________________________


1. Problem Description

         Wu-ftpd FTP server contains remotely exploitable off-by-one
         bug. A local or remote attacker could exploit this
         vulnerability to gain root privileges on a vulnerable
         system. 
         
         The Common Vulnerabilities and Exposures project
         (cve.mitre.org) has assigned the name CAN-2003-0466 to
         this issue.


2. Vulnerable Supported Versions

        System                          Binaries
        ----------------------------------------------------------------------
        OpenServer 5.0.5 - 5.0.7        /etc/ftpd

3. Solution

        The proper solution is to install the latest packages.


4. OpenServer 5.0.7

        4.1 Install Maintenance pack 1.

        4.2 Location of Maintenance pack 1.

        ftp://ftp.sco.com/pub/openserver5/osr507mp/

        4.3 Installing Maintenance pack 1.

        Upgrade the affected binaries with the following sequence:

        1) Download the VOL* files to the /tmp directory

        2) Run the custom command, specify an install from media
        images, and specify the /tmp directory as the location of
        the images.

5. OpenServer 5.0.6 - 5.0.5

        5.1 First, install:

                OSS646B - Execution Environment Supplement

        5.2 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.20

        5.3 Verification

        MD5 (VOL.000.000) = 7cde8ff3cf05658b054dae20f6620bcb

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools


        5.4 Installing Fixed Binaries

        Upgrade the affected binaries with the following sequence:

        1) Download the VOL* files to the /tmp directory

        2) Run the custom command, specify an install from media
        images, and specify the /tmp directory as the location of
        the images.


6. References

        Specific references for this advisory:
                http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0466 
                http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt 
                http://www.ciac.org/ciac/bulletins/n-132.shtml

        SCO security resources:
                http://www.sco.com/support/security/index.html

        This security fix closes SCO incidents sr882339 fz528115
        erg712363.


8. Disclaimer

        SCO is not responsible for the misuse of any of the information
        we provide on this website and/or through our security
        advisories. Our advisories are a service to our customers
        intended to promote secure installation and use of SCO
        products.


9. Acknowledgments

         SCO would like to thank Wojciech Purczynski and Janusz
         Niewiadomski for the advisory.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)

iD8DBQE/bzTsaqoBO7ipriERAidHAJ4wpBW9J3GCPEwn6Mak9t5+XAZAwgCghQSs
q7S5CxTJrBp2c0KqG+NM+Zw=
=4pz6
-----END PGP SIGNATURE-----