Bug 12890 - wu-ftpd remote hole (PATCH)
Summary: wu-ftpd remote hole (PATCH)
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: wu-ftpd   
Version: 6.2
Hardware: i386
OS: Linux
high
medium
Target Milestone: ---
Assignee: Bernhard Rosenkraenzer
QA Contact:
URL:
Whiteboard:
Keywords: Security
Depends On:
Blocks:
Reported: 2000-06-23 22:05 UTC by Pekka Savola
Modified: 2008-05-01 15:37 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2000-06-23 22:07:11 UTC


Attachments
security patch for the latest bug (HTH) (1012 bytes, patch)
2000-06-23 22:07 UTC, Pekka Savola

Description Pekka Savola 2000-06-23 22:05:28 UTC
Yet another wu-ftpd remote hole was reported (w/ intentionally broken 
sploit) on BugTraq yesterday.

I couldn't check this further, but an attached patch (from Conectiva 
Linux, similar stuff in Debian) might help.

Comment 1 Pekka Savola 2000-06-23 22:07:07 UTC
Created attachment 698
security patch for the latest bug (HTH)

Comment 2 Bernhard Rosenkraenzer 2000-06-23 22:09:01 UTC
We're aware of it and have already built an updated package.
It'll be released as soon as the QA guys approve it, should be only a couple
more minutes.

Comment 3 Gilbert E. Detillieux 2000-06-28 15:26:28 UTC
The security patch included in the updated package fixes only the problems
with the *printf-style % format specifications (the known exploit of the
site exec bug).  The patch submitted by pekkas@netcore.fi is different,
in that it deals with other potential buffer overrun problems related to
the site exec command.  Would it not be a good idea to include both patches?
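
The distinction raised in Comment 3, as an added example that is not part of the original thread and is not wu-ftpd code: a command handler can carry a format-string defect and a buffer-overrun defect independently, so fixing one leaves the other. All names here (reply, site_exec_reply_*, REPLY_MAX) are hypothetical and the sample inputs are constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define REPLY_MAX 64  /* constructed buffer size for this demo */

/* Hypothetical printf-style reply helper writing into a bounded buffer.
   Returns 0 on success, -1 if the formatted text did not fit. */
static int reply(char *out, size_t outsz, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outsz, fmt, ap);
    va_end(ap);
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

/* Defect 1, format string: client text is passed as the format itself.
   Shown for contrast only; nothing in this example calls it. */
int site_exec_reply_unsafe_fmt(char *out, size_t outsz, const char *arg)
{
    return reply(out, outsz, arg);
}

/* Defect 2, overrun: the format is now constant, but the copy into the
   fixed buffer is unbounded. A %-only fix leaves this in place.
   Shown for contrast only; nothing in this example calls it. */
int site_exec_reply_unsafe_copy(char *out, const char *arg)
{
    char cmd[REPLY_MAX];
    strcpy(cmd, arg);
    return reply(out, REPLY_MAX, "200-%s", cmd);
}

/* Both fixes: length checked before the copy, client text passed only
   as a %s argument. Oversize input is rejected, not silently cut. */
int site_exec_reply_safe(char *out, size_t outsz, const char *arg)
{
    char cmd[REPLY_MAX];
    size_t len = strlen(arg);
    if (len >= sizeof cmd)
        return -1;
    memcpy(cmd, arg, len + 1);
    return reply(out, outsz, "200-%s", cmd);
}
```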

