Bug 1442 - Vulnerability in wu-ftpd-2.4.2b18-2.1
Vulnerability in wu-ftpd-2.4.2b18-2.1
Status: CLOSED ERRATA
Product: Red Hat Linux
Classification: Retired
Component: wu-ftpd (Show other bugs)
5.2
i386 Linux
high Severity medium
: ---
: ---
Assigned To: Jeff Johnson
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 1999-03-07 01:50 EST by david
Modified: 2007-03-26 23:25 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 1999-06-08 10:35:38 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description david 1999-03-07 01:50:32 EST
I had a box attacked and comprimised last night.  Looks like
wu-ftpd was the entry point.  Here is the syslog.

Mar  5 20:27:59 ns6 ftpd[746]: getpeername (in.ftpd):
Transport endpoint is not connected
Mar  5 20:27:59 ns6 inetd[992]: ftp/tcp server failing
(looping), service terminated

[david@server david]$ rpm -q wu-ftpd
wu-ftpd-2.4.2b18-2.1

This box was only running ssh, ftp, www, and identd, so it
makes it look like ftp was to blame even more.  I will
investigate this further and post any additional
information.
Comment 1 Cristian Gafton 1999-03-21 17:24:59 EST
We need more information on this problem. We are not aware aof any
possbilbe ecploits in the current wu-ftpd code.
Comment 2 lp.brais 1999-04-01 00:31:59 EST
Please see the following article in Bugtraq archives:
http://www.geek-girl.com/bugtraq/1999_1/1075.html

I witnessed a break-in on one patched RH-5.2 system last week.
Seems like this was the entry point.
Comment 3 Jeff Johnson 1999-06-08 08:53:59 EDT
This is an errata item for
	4.2.3:	wu-ftp-2.5.0-0.4.2
	5.2.2:	wu-ftp-2.5.0-0.5.2
	6.0.4:	wu-ftp-2.5.0-2	(no exploit but other problems)

All systems need the following commands verified
	cd ~user	<= tilde expansion was busted
	ls foo*		<= globbing was busted
Pay close attention to ftpwho on non Red Hat 6.0 systems. It might
be broke ...
Comment 4 Jeff Johnson 1999-06-08 08:57:59 EDT
This is an errata item for
	4.2.3:	wu-ftp-2.5.0-0.4.2
	5.2.2:	wu-ftp-2.5.0-0.5.2
	6.0.4:	wu-ftp-2.5.0-2	(no exploit but other problems)

All systems need the following commands verified
	cd ~user	<= tilde expansion was busted
	ls foo*		<= globbing was busted
Pay close attention to ftpwho on non Red Hat 6.0 systems. It might
be broke ...
Comment 5 Derek Tattersall 1999-06-08 10:35:59 EDT
tested all arch, 4.2, 5.2, 6.0 8 JUN 1999

Note You need to log in before you can comment on or make changes to this bug.