Bug 100541 - CAN-2003-0466 off-by-one in wu-ftpd
Summary: CAN-2003-0466 off-by-one in wu-ftpd
Alias: None
Product: Red Hat Enterprise Linux 2.1
Classification: Red Hat
Component: wu-ftpd   
(Show other bugs)
Version: 2.1
Hardware: All Linux
Target Milestone: ---
Assignee: Thomas Woerner
QA Contact: David Lawrence
Keywords: Security
Depends On:
TreeView+ depends on / blocked
Reported: 2003-07-23 08:03 UTC by Mark J. Cox
Modified: 2007-11-30 22:06 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2003-07-31 16:16:05 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Proposed patch (375 bytes, patch)
2003-07-23 08:06 UTC, Mark J. Cox
no flags Details | Diff

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2003:246 high SHIPPED_LIVE Important: wu-ftpd security update 2003-07-31 04:00:00 UTC

Description Mark J. Cox 2003-07-23 08:03:28 UTC
An off-by-one bug has been discovered in versions of wu-ftpd up to and
including 2.6.2.  

Red Hat Enterprise Linux is affected by this vulnerability although it is
believed that this issue will not be remotely exploitable due to buffer padding.
 Red Hat Enterprise Linux shipped with kernel headers where PATH_MAX is defined
to be 4095 characters and in such cases the buffer will be padded because of
variable alignment which is a result of code optimization.

It is also expected that our ia64 packages will not be affected by this
vulnerability, but we've not yet confirmed this.

Even so, we will advise all users of wu-ftpd to upgrade to these erratum
packages which contain a backported security patch.

Wojciech Purczynski and Janusz Niewiadomski of ISEC Security Research disclosed
this issue to us on Jul 19th 2003.  No public release date is yet set.

Comment 1 Mark J. Cox 2003-07-23 08:06:54 UTC
Created attachment 93076 [details]
Proposed patch

Comment 2 Mark J. Cox 2003-07-31 16:16:05 UTC
An errata has been issued which should help the problem described in this bug report. 
This report is therefore being closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, please follow the link below. You may reopen 
this bug report if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.