Bug 1442 - Vulnerability in wu-ftpd-2.4.2b18-2.1
Summary: Vulnerability in wu-ftpd-2.4.2b18-2.1
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: wu-ftpd
Version: 5.2
Hardware: i386
OS: Linux
high
medium
Target Milestone: ---
Assignee: Jeff Johnson
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 1999-03-07 06:50 UTC by david
Modified: 2007-03-27 03:25 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 1999-06-08 14:35:38 UTC



Description david 1999-03-07 06:50:32 UTC
I had a box attacked and compromised last night.  Looks like
wu-ftpd was the entry point.  Here is the syslog.

Mar  5 20:27:59 ns6 ftpd[746]: getpeername (in.ftpd): Transport endpoint is not connected
Mar  5 20:27:59 ns6 inetd[992]: ftp/tcp server failing (looping), service terminated

[david@server david]$ rpm -q wu-ftpd
wu-ftpd-2.4.2b18-2.1

This box was only running ssh, ftp, www, and identd, so it
makes it look like ftp was to blame even more.  I will
investigate this further and post any additional
information.

Comment 1 Cristian Gafton 1999-03-21 22:24:59 UTC
We need more information on this problem. We are not aware of any
possible exploits in the current wu-ftpd code.

Comment 2 lp.brais 1999-04-01 05:31:59 UTC
Please see the following article in Bugtraq archives:
http://www.geek-girl.com/bugtraq/1999_1/1075.html

I witnessed a break-in on one patched RH-5.2 system last week.
Seems like this was the entry point.

Comment 3 Jeff Johnson 1999-06-08 12:53:59 UTC
This is an errata item for
	4.2.3:	wu-ftp-2.5.0-0.4.2
	5.2.2:	wu-ftp-2.5.0-0.5.2
	6.0.4:	wu-ftp-2.5.0-2	(no exploit but other problems)

All systems need the following commands verified
	cd ~user	<= tilde expansion was busted
	ls foo*		<= globbing was busted
Pay close attention to ftpwho on non Red Hat 6.0 systems. It might
be broke ...

Comment 4 Jeff Johnson 1999-06-08 12:57:59 UTC
This is an errata item for
	4.2.3:	wu-ftp-2.5.0-0.4.2
	5.2.2:	wu-ftp-2.5.0-0.5.2
	6.0.4:	wu-ftp-2.5.0-2	(no exploit but other problems)

All systems need the following commands verified
	cd ~user	<= tilde expansion was busted
	ls foo*		<= globbing was busted
Pay close attention to ftpwho on non Red Hat 6.0 systems. It might
be broke ...

Comment 5 Derek Tattersall 1999-06-08 14:35:59 UTC
tested all arch, 4.2, 5.2, 6.0 8 JUN 1999

