Bug 100541 - CAN-2003-0466 off-by-one in wu-ftpd
CAN-2003-0466 off-by-one in wu-ftpd
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 2.1
Classification: Red Hat
Component: wu-ftpd (Show other bugs)
2.1
All Linux
high Severity medium
: ---
: ---
Assigned To: Thomas Woerner
David Lawrence
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2003-07-23 04:03 EDT by Mark J. Cox (Product Security)
Modified: 2007-11-30 17:06 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2003-07-31 12:16:05 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Proposed patch (375 bytes, patch)
2003-07-23 04:06 EDT, Mark J. Cox (Product Security)
no flags Details | Diff

  None (edit)
Description Mark J. Cox (Product Security) 2003-07-23 04:03:28 EDT
An off-by-one bug has been discovered in versions of wu-ftpd up to and
including 2.6.2.  

Red Hat Enterprise Linux is affected by this vulnerability although it is
believed that this issue will not be remotely exploitable due to buffer padding.
 Red Hat Enterprise Linux shipped with kernel headers where PATH_MAX is defined
to be 4095 characters and in such cases the buffer will be padded because of
variable alignment which is a result of code optimization.

It is also expected that our ia64 packages will not be affected by this
vulnerability, but we've not yet confirmed this.

Even so, we will advise all users of wu-ftpd to upgrade to these erratum
packages which contain a backported security patch.

Wojciech Purczynski and Janusz Niewiadomski of ISEC Security Research disclosed
this issue to us on Jul 19th 2003.  No public release date is yet set.
Comment 1 Mark J. Cox (Product Security) 2003-07-23 04:06:54 EDT
Created attachment 93076 [details]
Proposed patch
Comment 2 Mark J. Cox (Product Security) 2003-07-31 12:16:05 EDT
An errata has been issued which should help the problem described in this bug report. 
This report is therefore being closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, please follow the link below. You may reopen 
this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2003-246.html

Note You need to log in before you can comment on or make changes to this bug.