SecurityFocus BUGTRAQ Mailing List: BugTraqLink Number One Link Number One Link 
Number Two Link Number Two  Link Number One Link Number One Link Number Two Link 
Number Two   
                          Entire Site Advisories Calendar Columnists Elsewhere 
                          Guest Feature Infocus Library Links Mailing Lists 
                          (all) -- BUGTRAQ -- FOCUS-IDS -- FOCUS-IH -- 
                          FOCUS-LINUX -- FOCUS-MS -- FOCUS-SUN -- FOCUS-VIRUS -- 
                          FORENSICS -- INCIDENTS -- PEN-TEST -- SEC JOBS -- SF 
                          NEWS -- VULN-DEV News Products Services Tools Vulns








             
             




                         BUGTRAQ ARCHIVE 

                        [ Message Index ] [ Thread Index ][ Reply ]
                        [ prev Msg by Date ][ next Msg by Date ]


                              To: BugTraq
                              Subject: OpenLinux: wu-ftpd fb_realpath() 
                              off-by-one bug
                              Date: Oct 3 2003 11:09PM
                              Author: <security sco com>
                              Message-ID: 
                              <200310032309.h93N99h08851@rafiki.ca.caldera.com>


To: announce lists sco com bugtraq securityfocus com security-alerts linuxsecurity com
full-disclosure lists netsys com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


______________________________________________________________________________

			SCO Security Advisory

Subject:		OpenLinux: wu-ftpd fb_realpath() off-by-one bug
Advisory number: 	CSSA-2003-024.0
Issue date: 		2003 September 26
Cross reference: 	sr882340 fz528117 erg712364
______________________________________________________________________________


1. Problem Description

	Wu-ftpd FTP server contains remotely exploitable off-by-one bug. A
	local or remote attacker could exploit this vulnerability to gain
	root privileges on a vulnerable system. The Common Vulnerabilities
	and Exposures project (cve.mitre.org) has assigned the name
	CAN-2003-0466 to this issue.


2. Vulnerable Supported Versions

	System				Package
	----------------------------------------------------------------------

	OpenLinux 3.1.1 Server			prior to wu-ftpd-2.6.1-14.i386.rpm

	OpenLinux 3.1.1 Workstation		prior to wu-ftpd-2.6.1-14.i386.rpm


3. Solution

	The proper solution is to install the latest packages. Many
	customers find it easier to use the Caldera System Updater, called
	cupdate (or kcupdate under the KDE environment), to update these
	packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

	4.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-024.0/RPMS

	4.2 Packages

	5dfb4811abe8ccf46d8c523b13ef34d1	wu-ftpd-2.6.1-14.i386.rpm

	4.3 Installation

	rpm -Fvh wu-ftpd-2.6.1-14.i386.rpm

	4.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-024.0/SRPMS

	4.5 Source Packages

	13d7a9857c9151477e20e49f25d48169	wu-ftpd-2.6.1-14.src.rpm


5. OpenLinux 3.1.1 Workstation

	5.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-024.0/RPMS

	5.2 Packages

	05b6a116c8160033f16b7c52611c1f86	wu-ftpd-2.6.1-14.i386.rpm

	5.3 Installation

	rpm -Fvh wu-ftpd-2.6.1-14.i386.rpm

	5.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-024.0/SRPMS

	5.5 Source Packages

	b53bca2a2dcce72aa0f15c661961d2b6	wu-ftpd-2.6.1-14.src.rpm


6. References


	SCO security resources:
		http://www.sco.com/support/security/index.html

	This security fix closes SCO incidents sr882340 fz528117
	erg712364.


7. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers intended
	to promote secure installation and use of SCO products.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAj94iDAACgkQbluZssSXDTFPOgCfUrIFx1+jG+51w04qHaFxD4eT
KGgAni1FaEkMP36sPMlA6vkkPgLHsHwV
=zh3M
-----END PGP SIGNATURE-----





                  Want to link to this message? Use this URL: 
                  <http://www.securityfocus.com/archive/1/340243>
                  Disclaimer, Terms & Conditions


                  About this List


                  Featured Lists:

                  ARIS Users
                  bugtraq
                  bugtraq-es
                  bugtraq-french NEW
                  bugtraq-jp
                  firewalls
                  focus-ids
                  focus-ih
                  focus-linux
                  focus-ms
                  focus-sun
                  focus-unix-other
                  focus-virus
                  forensics
                  forensics-es
                  honeypots
                  incidents
                  libnet
                  pen-test
                  secevents
                  secpapers
                  secprog
                  sectools
                  secureshell
                  security-basics
                  security-management NEW
                  securityjobs
                  vpn
                  vuln-dev
                  webappsec

                  Newsletters:

                  sf-news
                  ms-secnews
                  linux-secnews


                  [ more . . . ]




                        Privacy Statement
                        Copyright © 1999-2003 SecurityFocus