SecurityFocus BUGTRAQ Mailing List: BugTraqLink Number One Link Number One Link Number Two Link Number Two Link Number One Link Number One Link Number Two Link Number Two Entire Site Advisories Calendar Columnists Elsewhere Guest Feature Infocus Library Links Mailing Lists (all) -- BUGTRAQ -- FOCUS-IDS -- FOCUS-IH -- FOCUS-LINUX -- FOCUS-MS -- FOCUS-SUN -- FOCUS-VIRUS -- FORENSICS -- INCIDENTS -- PEN-TEST -- SEC JOBS -- SF NEWS -- VULN-DEV News Products Services Tools Vulns BUGTRAQ ARCHIVE [ Message Index ] [ Thread Index ][ Reply ] [ prev Msg by Date ][ next Msg by Date ] To: BugTraq Subject: OpenServer 5.0.7 OpenServer 5.0.6 OpenServer 5.0.5 : wu-ftpd fb_realpath() off-by-one bug Date: Sep 24 2003 6:01AM Author: Message-ID: <20030923230110.A9947@caldera.com> To: bugtraq securityfocus com announce lists caldera com full-disclosure lists netsys com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SCO Security Advisory Subject: OpenServer 5.0.7 OpenServer 5.0.6 OpenServer 5.0.5 : wu-ftpd fb_realpath() off-by-one bug Advisory number: CSSA-2003-SCO.20 Issue date: 2003 September 18 Cross reference: sr882339 fz528115 erg712363 ______________________________________________________________________________ 1. Problem Description Wu-ftpd FTP server contains remotely exploitable off-by-one bug. A local or remote attacker could exploit this vulnerability to gain root privileges on a vulnerable system. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0466 to this issue. 2. Vulnerable Supported Versions System Binaries ---------------------------------------------------------------------- OpenServer 5.0.5 - 5.0.7 /etc/ftpd 3. Solution The proper solution is to install the latest packages. 4. OpenServer 5.0.7 4.1 Install Maintenance pack 1. 4.2 Location of Maintenance pack 1. ftp://ftp.sco.com/pub/openserver5/osr507mp/ 4.3 Installing Maintenance pack 1. Upgrade the affected binaries with the following sequence: 1) Download the VOL* files to the /tmp directory 2) Run the custom command, specify an install from media images, and specify the /tmp directory as the location of the images. 5. OpenServer 5.0.6 - 5.0.5 5.1 First, install: OSS646B - Execution Environment Supplement 5.2 Location of Fixed Binaries ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.20 5.3 Verification MD5 (VOL.000.000) = 7cde8ff3cf05658b054dae20f6620bcb md5 is available for download from ftp://ftp.sco.com/pub/security/tools 5.4 Installing Fixed Binaries Upgrade the affected binaries with the following sequence: 1) Download the VOL* files to the /tmp directory 2) Run the custom command, specify an install from media images, and specify the /tmp directory as the location of the images. 6. References Specific references for this advisory: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0466 http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt http://www.ciac.org/ciac/bulletins/n-132.shtml SCO security resources: http://www.sco.com/support/security/index.html This security fix closes SCO incidents sr882339 fz528115 erg712363. 8. Disclaimer SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products. 9. Acknowledgments SCO would like to thank Wojciech Purczynski and Janusz Niewiadomski for the advisory. ______________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux) iD8DBQE/bzTsaqoBO7ipriERAidHAJ4wpBW9J3GCPEwn6Mak9t5+XAZAwgCghQSs q7S5CxTJrBp2c0KqG+NM+Zw= =4pz6 -----END PGP SIGNATURE----- Want to link to this message? Use this URL: Disclaimer, Terms & Conditions About this List Featured Lists: ARIS Users bugtraq bugtraq-es bugtraq-french NEW bugtraq-jp firewalls focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics forensics-es honeypots incidents libnet pen-test secevents secpapers secprog sectools secureshell security-basics security-management NEW securityjobs vpn vuln-dev webappsec Newsletters: sf-news ms-secnews linux-secnews [ more . . . ] Privacy Statement Copyright © 1999-2003 SecurityFocus