Bug 12890 - wu-ftpd remote hole (PATCH)
Status: CLOSED ERRATA
Product: Red Hat Linux
Classification: Retired
Component: wu-ftpd
Version: 6.2
Hardware: i386 Linux
Priority: high
Severity: medium
Assigned To: Bernhard Rosenkraenzer
Keywords: Security
Reported: 2000-06-23 18:05 EDT by Pekka Savola
Modified: 2008-05-01 11:37 EDT

Doc Type: Bug Fix
Last Closed: 2000-06-23 18:07:11 EDT


Attachments
security patch for the latest bug (HTH) (1012 bytes, patch)
2000-06-23 18:07 EDT, Pekka Savola

Description Pekka Savola 2000-06-23 18:05:28 EDT
Yet another wu-ftpd remote hole was reported (w/ intentionally broken 
sploit) on BugTraq yesterday.

I couldn't check this further, but an attached patch (from Conectiva 
Linux, similar stuff in Debian) might help.
Comment 1 Pekka Savola 2000-06-23 18:07:07 EDT
Created attachment 698
security patch for the latest bug (HTH)
Comment 2 Bernhard Rosenkraenzer 2000-06-23 18:09:01 EDT
We're aware of it and have already built an updated package.
It'll be released as soon as the QA guys approve it, should be only a couple
more minutes.
Comment 3 Gilbert E. Detillieux 2000-06-28 11:26:28 EDT
The security patch included in the updated package fixes only the problems
with the *printf-style % format specifications (the known exploit of the
site exec bug).  The patch submitted by pekkas@netcore.fi is different,
in that it deals with other potential buffer overrun problems related to
the site exec command.  Would it not be a good idea to include both patches?
