Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
For bugs related to Red Hat Enterprise Linux 2.1 product line. For Red Hat Enterprise Linux 6 and above, please visit Red Hat JIRA https://issues.redhat.com/secure/CreateIssue!default.jspa?pid=12332745 to report new issues.

Bug 100541

Summary: CAN-2003-0466 off-by-one in wu-ftpd
Product: Red Hat Enterprise Linux 2.1 Reporter: Mark J. Cox <mjc>
Component: wu-ftpdAssignee: Thomas Woerner <twoerner>
Status: CLOSED ERRATA QA Contact: David Lawrence <dkl>
Severity: medium Docs Contact:
Priority: high    
Version: 2.1Keywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2003-07-31 16:16:05 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Proposed patch none

Description Mark J. Cox 2003-07-23 08:03:28 UTC 
An off-by-one bug has been discovered in versions of wu-ftpd up to and
including 2.6.2.  

Red Hat Enterprise Linux is affected by this vulnerability although it is
believed that this issue will not be remotely exploitable due to buffer padding.
 Red Hat Enterprise Linux shipped with kernel headers where PATH_MAX is defined
to be 4095 characters and in such cases the buffer will be padded because of
variable alignment which is a result of code optimization.

It is also expected that our ia64 packages will not be affected by this
vulnerability, but we've not yet confirmed this.

Even so, we will advise all users of wu-ftpd to upgrade to these erratum
packages which contain a backported security patch.

Wojciech Purczynski and Janusz Niewiadomski of ISEC Security Research disclosed
this issue to us on Jul 19th 2003.  No public release date is yet set.
Comment 1 Mark J. Cox 2003-07-23 08:06:54 UTC 
Created attachment 93076 [details]
Proposed patch
Comment 2 Mark J. Cox 2003-07-31 16:16:05 UTC 
An errata has been issued which should help the problem described in this bug report. 
This report is therefore being closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, please follow the link below. You may reopen 
this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2003-246.html