Bug 17042 - Upgrade to wu-ftpd 2.6.1
Upgrade to wu-ftpd 2.6.1
Product: Red Hat Linux
Classification: Retired
Component: wu-ftpd (Show other bugs)
i386 Linux
high Severity medium
: ---
: ---
Assigned To: Bernhard Rosenkraenzer
: Security
Depends On:
  Show dependency treegraph
Reported: 2000-08-28 11:51 EDT by Need Real Name
Modified: 2008-05-01 11:37 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2000-08-28 11:51:02 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Need Real Name 2000-08-28 11:51:00 EDT

By exploiting any of these input validation problems, local or remote users
logged into the ftp daemon may be able execute arbitrary code as root. An
anonymous ftp user may also be able to execute arbitrary code as root. 

Original release date: July 7, 2000
Last revised: July 18, 2000
Source: CERT/CC

Systems Affected

Any system running wu-ftpd 2.6.0 or earlier 
Any system running ftpd derived from wu-ftpd 2.0 or later 
Some systems running ftpd derived from BSD ftpd 5.51 or BSD ftpd 5.60 (the
final BSD release) 


A vulnerability involving an input validation error in the "site exec"
command has recently been identified in the Washington University ftpd
(wu-ftpd) software package. Sites running affected systems are advised to
update their wu-ftpd software as soon as possible. 

A similar but distinct vulnerability has also been identified that involves
a missing format string in several setproctitle() calls. It affects a
broader number of ftp daemons.
Comment 1 Bernhard Rosenkraenzer 2000-08-28 12:10:44 EDT
An update for 6.x was released some months ago.
Comment 2 Bernhard Rosenkraenzer 2000-08-28 12:12:26 EDT
(the update is 2.6.0-14.6x; it was released a couple of days before wu-ftpd
2.6.1 was released and has all the security fixes).

Note You need to log in before you can comment on or make changes to this bug.