Bug 17042 - Upgrade to wu-ftpd 2.6.1
Summary: Upgrade to wu-ftpd 2.6.1
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: wu-ftpd   
(Show other bugs)
Version: 6.2EE
Hardware: i386
OS: Linux
high
medium
Target Milestone: ---
Assignee: Bernhard Rosenkraenzer
QA Contact:
URL: http://www.cert.org/advisories/CA-200...
Whiteboard:
Keywords: Security
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2000-08-28 15:51 UTC by Need Real Name
Modified: 2008-05-01 15:37 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2000-08-28 15:51:02 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Need Real Name 2000-08-28 15:51:00 UTC 
Impact

By exploiting any of these input validation problems, local or remote users
logged into the ftp daemon may be able execute arbitrary code as root. An
anonymous ftp user may also be able to execute arbitrary code as root. 


Original release date: July 7, 2000
Last revised: July 18, 2000
Source: CERT/CC

Systems Affected

Any system running wu-ftpd 2.6.0 or earlier 
Any system running ftpd derived from wu-ftpd 2.0 or later 
Some systems running ftpd derived from BSD ftpd 5.51 or BSD ftpd 5.60 (the
final BSD release) 

                       Overview

A vulnerability involving an input validation error in the "site exec"
command has recently been identified in the Washington University ftpd
(wu-ftpd) software package. Sites running affected systems are advised to
update their wu-ftpd software as soon as possible. 

A similar but distinct vulnerability has also been identified that involves
a missing format string in several setproctitle() calls. It affects a
broader number of ftp daemons.
Comment 1 Bernhard Rosenkraenzer 2000-08-28 16:10:44 UTC 
An update for 6.x was released some months ago.
Comment 2 Bernhard Rosenkraenzer 2000-08-28 16:12:26 UTC 
(the update is 2.6.0-14.6x; it was released a couple of days before wu-ftpd
2.6.1 was released and has all the security fixes).
Note You need to log in before you can comment on or make changes to this bug.