Red Hat Bugzilla – Bug 100541
CAN-2003-0466 off-by-one in wu-ftpd
Last modified: 2007-11-30 17:06:53 EST
An off-by-one bug has been discovered in versions of wu-ftpd up to and
Red Hat Enterprise Linux is affected by this vulnerability although it is
believed that this issue will not be remotely exploitable due to buffer padding.
Red Hat Enterprise Linux shipped with kernel headers where PATH_MAX is defined
to be 4095 characters and in such cases the buffer will be padded because of
variable alignment which is a result of code optimization.
It is also expected that our ia64 packages will not be affected by this
vulnerability, but we've not yet confirmed this.
Even so, we will advise all users of wu-ftpd to upgrade to these erratum
packages which contain a backported security patch.
Wojciech Purczynski and Janusz Niewiadomski of ISEC Security Research disclosed
this issue to us on Jul 19th 2003. No public release date is yet set.
Created attachment 93076 [details]
An errata has been issued which should help the problem described in this bug report.
This report is therefore being closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, please follow the link below. You may reopen
this bug report if the solution does not work for you.