RH6.0: wu-ftpd (RHSA-1999:031-01) - The Community's Center for Security


The central voice for Linux and Open Source security news

Welcome!

Sign up!

EnGarde Community

Polls

What is the most important Linux security technology?

	SELinux
	grsecurity
	CIS Benchmark
	Bastille Linux
	iptables
	LIDS

Advisories

Community

Linux Events

Linux User Groups

Link to Us

Security Center

Book Reviews

Security Dictionary

Security Tips

SELinux

White Papers

Featured Blogs

All About Linux

DanWalsh LiveJournal

Securitydistro

Latest Newsletters

Linux Advisory Watch: June 14th, 2013

Linux Security Week: June 4th, 2013

LinuxSecurity Newsletters

RSS Feeds

Get the LinuxSecurity news you want faster with RSS

RH6.0: wu-ftpd (RHSA-1999:031-01)

User Rating:

How can I rate this item?

Posted by LinuxSecurity.com Team

New packages of wu-ftpd are available for all Red Hat Linux platforms. This version includes an important security fix as well as fixes for all known problems in wu-ftpd at this time.


Red Hat, Inc. Security Advisory
Package	wu-ftpd

Synopsis	Another buffer overflow in wu- ftpd is fixed

Advisory ID	RHSA-1999:031-01

Issue Date	1999-08-25

Updated on

Keywords	wu-ftpd buffer overflow

1. Topic: New packages of wu-ftpd are available for all Red Hat Linux platforms. This version includes an important security fix as well as fixes for all known problems in wu-ftpd at this time. 2. Bug IDs fixed: 1599 3482 3866 3. Relevant releases/architectures: Red Hat Linux 6.0, all architectures 4. Obsoleted by: None 5. Conflicts with: None 6. RPMs required: Intel: ftp://updates.Red Hat.com/6.0/i386/ wu- ftpd-2.5.0-5.6.0.i386.rpm Alpha: ftp://updates.Red Hat.com/6.0/alpha wu- ftpd-2.5.0-5.6.0.alpha.rpm SPARC: ftp://updates.Red Hat.com/6.0/sparc wu- ftpd-2.5.0-5.6.0.sparc.rpm Source: ftp://updates.Red Hat.com/6.0/SRPMS wu- ftpd-2.5.0-5.6.0.src.rpm Architecture neutral: ftp://updates.Red Hat.com/6.0/noarch/ 7. Problem description: An explotable buffer overflow security problem in the wu-ftpd daemon has been fixed. The previous errata for wu-ftpd did not update /var/run/utmp correctly when a session was disconnected. This problem manifested itself as last displaying connections that had terminated as still active. A minor and obscure problem with members not in a configured class being permitted to login on the second attempt has been fixed. Thanks go to Gregory A. Lundberg of the WU-FTPD Development Group for supplying the patches. 8. Solution: For each RPM for your particular architecture, run: rpm -Uvh filename where filename is the name of the RPM. Then restart inetd by typing: /etc/rc.d/init.d/inet restart 9. Verification: MD5 sum Package Name ------------------------------------------------------------------------- f73f420b55128a2228e8c6cf5692fc64 6.0/SRPMS/wu-ftpd-2.5.0-5.6.0.src.rpm 0d13ec35e8ad4bb6f44ba7489c7d8a84 6.0/alpha/wu-ftpd-2.5.0-5.6.0.alpha.rpm cdac8067673e58ed64f3a96d5ba5b6f9 6.0/i386/wu-ftpd-2.5.0-5.6.0.i386.rpm 22cfce1de906e413fe5561fd36a35d2f 6.0/sparc/wu-ftpd-2.5.0-5.6.0.sparc.rpm These packages are also PGP signed by Red Hat Inc. for security. Our key is available at: http://www.Red Hat.com/corp/contac t.html You can verify each package with the following command: rpm --checksig filename If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nopgp filename 10. References: