Wu-ftpd Buffer Overflow Vulnerability

Giorgius · 10-10-2003, 16.51.42

N-132: Wu-ftpd Buffer Overflow Vulnerability
[Red Hat Security Advisory RHSA-2003:245-15]
July 31, 2003 18:00 GMT
[Revised 13 Aug 2003]
[Revised 14 Aug 2003]
[Revised 5 Sept 2003]
[Revised 8 Oct 2003]

PROBLEM: A buffer overflow vulnerability exists in wu-ftpd versions 2.6.2 and earlier. WU-FTPD is a popular ftp daemon used on the Internet, and on many anonymous ftp sites all around the world.
PLATFORM: Red Hat:
Linux 7.1, Linux 7.1 for iSeries, Linux 7.1 for pSeries, Linux 7.2, Linux 7.3, Linux 8.0
Sun:
Solaris 9, Sun Linux 5.0
Hewlett Packard:
B.11.22, B.11.11, and B.11.00 running wu-ftpd
B.11.00 and B.11.11 web

OTHER PLATFORMS WILL BE ADDED WHEN VENDOR BULLETINS ARE RELEASED.
DAMAGE: Successful exploitation could cause a buffer overflow and allow for an increase in privileges. Denial of service attacks may be possible.
SOLUTION: Install updated wu-ftpd packages from Red Hat or obtain the realpath.patch from the WU-FTPD Development Group web site.

VULNERABILITY
ASSESSMENT: The risk is HIGH. A remote attacker could gain root privileges
http://www.ciac.org/ciac/bulletins/n-132.shtml

10-10-2003, 16.51.42	#1
Giorgius Gold Member Top Poster Registrato: 26-08-2000 Loc.: tokyo city Messaggi: 8.374	Wu-ftpd Buffer Overflow Vulnerability N-132: Wu-ftpd Buffer Overflow Vulnerability [Red Hat Security Advisory RHSA-2003:245-15] July 31, 2003 18:00 GMT [Revised 13 Aug 2003] [Revised 14 Aug 2003] [Revised 5 Sept 2003] [Revised 8 Oct 2003] PROBLEM: A buffer overflow vulnerability exists in wu-ftpd versions 2.6.2 and earlier. WU-FTPD is a popular ftp daemon used on the Internet, and on many anonymous ftp sites all around the world. PLATFORM: Red Hat: Linux 7.1, Linux 7.1 for iSeries, Linux 7.1 for pSeries, Linux 7.2, Linux 7.3, Linux 8.0 Sun: Solaris 9, Sun Linux 5.0 Hewlett Packard: B.11.22, B.11.11, and B.11.00 running wu-ftpd B.11.00 and B.11.11 web OTHER PLATFORMS WILL BE ADDED WHEN VENDOR BULLETINS ARE RELEASED. DAMAGE: Successful exploitation could cause a buffer overflow and allow for an increase in privileges. Denial of service attacks may be possible. SOLUTION: Install updated wu-ftpd packages from Red Hat or obtain the realpath.patch from the WU-FTPD Development Group web site. VULNERABILITY ASSESSMENT: The risk is HIGH. A remote attacker could gain root privileges http://www.ciac.org/ciac/bulletins/n-132.shtml

Discussioni simili
Discussione	Autore discussione	Forum	Risposte	Ultimo messaggio
WinRAR Delete File Buffer Overflow Vulnerability	Giorgius	Sicurezza&Privacy	0	22-12-2004 14.01.07
Skype "callto:" URI Handler Buffer Overflow Vulnerability	Giorgius	Sicurezza&Privacy	0	16-11-2004 14.36.59
Internet Explorer IFRAME Buffer Overflow Vulnerability	Giorgius	Sicurezza&Privacy	0	03-11-2004 10.34.39
Microsoft Word Document Parsing Buffer Overflow Vulnerability	Giorgius	Sicurezza&Privacy	0	09-10-2004 13.38.30
mpg123 Mpeg Layer-2 Audio Decoder Buffer Overflow Vulnerability	Giorgius	Sicurezza&Privacy	1	16-09-2004 00.15.25

Utenti attualmente attivi che stanno leggendo questa discussione: 1 (0 utenti e 1 ospiti)

Strumenti discussione
Visualizza versione stampabile Invia questa pagina via e-mail