OpenLinux: wu-ftpd fb_realpath() off-by-one bug
To: announce@xxxxxxxxxxxxx bugtraq@xxxxxxxxxxxxxxxxx
security-alerts@xxxxxxxxxxxxxxxxx full-disclosure@xxxxxxxxxxxxxxxx
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SCO Security Advisory
Subject: OpenLinux: wu-ftpd fb_realpath() off-by-one bug
Advisory number: CSSA-2003-024.0
Issue date: 2003 September 26
Cross reference: sr882340 fz528117 erg712364
______________________________________________________________________________
1. Problem Description
Wu-ftpd FTP server contains remotely exploitable off-by-one bug. A
local or remote attacker could exploit this vulnerability to gain
root privileges on a vulnerable system. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name
CAN-2003-0466 to this issue.
2. Vulnerable Supported Versions
System Package
----------------------------------------------------------------------
OpenLinux 3.1.1 Server prior to
wu-ftpd-2.6.1-14.i386.rpm
OpenLinux 3.1.1 Workstation prior to
wu-ftpd-2.6.1-14.i386.rpm
3. Solution
The proper solution is to install the latest packages. Many
customers find it easier to use the Caldera System Updater, called
cupdate (or kcupdate under the KDE environment), to update these
packages rather than downloading and installing them by hand.
4. OpenLinux 3.1.1 Server
4.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-024.0/RPMS
4.2 Packages
5dfb4811abe8ccf46d8c523b13ef34d1 wu-ftpd-2.6.1-14.i386.rpm
4.3 Installation
rpm -Fvh wu-ftpd-2.6.1-14.i386.rpm
4.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-024.0/SRPMS
4.5 Source Packages
13d7a9857c9151477e20e49f25d48169 wu-ftpd-2.6.1-14.src.rpm
5. OpenLinux 3.1.1 Workstation
5.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-024.0/RPMS
5.2 Packages
05b6a116c8160033f16b7c52611c1f86 wu-ftpd-2.6.1-14.i386.rpm
5.3 Installation
rpm -Fvh wu-ftpd-2.6.1-14.i386.rpm
5.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-024.0/SRPMS
5.5 Source Packages
b53bca2a2dcce72aa0f15c661961d2b6 wu-ftpd-2.6.1-14.src.rpm
6. References
SCO security resources:
http://www.sco.com/support/security/index.html
This security fix closes SCO incidents sr882340 fz528117
erg712364.
7. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended
to promote secure installation and use of SCO products.
______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAj94iDAACgkQbluZssSXDTFPOgCfUrIFx1+jG+51w04qHaFxD4eT
KGgAni1FaEkMP36sPMlA6vkkPgLHsHwV
=zh3M
-----END PGP SIGNATURE-----