Red Hat 6.1: RHSA-1999:043-01 Critical: wu-ftpd Remote Exploit
Dec 07, 1999
•
LinuxSecurity Advisories
2 - 3 min read
Topics Covered
Various computer security groups have reported security problems in the WU-FTPD
daemon, the FTP server shipped with all versions of Red Hat Linux.
| Red Hat, Inc. Security
Advisory |
||
| Package | wu-ftpd | |
| Synopsis | Security problems in WU- FTPD | |
| Advisory ID | RHSA-1999:043-01 | |
| Issue Date | 1999-10-21 | |
| Updated on | ||
| Keywords | wu-ftp security remote exploit | |
| Cross references | N/A | |
|
1. Topic:
2. Problem description:
Vulnerability #1: MAPPING_CHDIR Buffer Overflow Remote and local intruders may be able exploit these vulnerabilities to execute arbitrary code as the user running the ftpd daemon, usually root. Vulnerability #3: SITE NEWER Consumes Memory Remote and local intruders who can connect to the FTP server can cause the server to consume excessive amounts of memory, preventing normal system operation. If intruders can create files on the system, they may be able exploit this vulnerability to execute arbitrary code as the user running the ftpd daemon, usually root.
3. Bug IDs fixed:(https://bugzilla.redhat.com for more info)
4. Relevant releases/architectures:
5. Obsoleted by:
6. Conflicts with:
7. RPMs required: Intel:
wu-ftpd-
2.6.0-1.i386.rpm Alpha:
wu-ftpd-
2.6.0-1.alpha.rpm SPARC:
wu-ftpd-
2.6.0-1.sparc.rpm Source:
wu-ftpd- 2.6.0-1.src.rpm
Architecture neutral:
8. Solution: rpm -Uvh filename where filename is the name of the RPM.
9. Verification: MD5 sum Package Name ------------------------------------------------------------------------- dcd5d04df11849007aa3c4fb398cfbfb i386/wu-ftpd-2.6.0-1.i386.rpm a0b3a1a0dcfbdfd1443d0aecd960e907 alpha/wu-ftpd-2.6.0-1.alpha.rpm 7511f1f96b3044207cbe11d34f75ff7a sparc/wu-ftpd-2.6.0-1.sparc.rpm 7e30ea42e82908752b943621580f6f1c SRPMS/wu-ftpd-2.6.0-1.src.rpmThese packages are GPG signed by Red Hat Inc. for security. Our key is available at: You can verify each package with the following command: rpm --checksig filename If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg filename
10. References: |
||
PREVIOUS
NEXT
Red Hat 6.1: RHSA-1999:043-01 Critical: wu-ftpd Remote Exploit
red hat
December 7, 1999
Various computer security groups have reported security problems in the WU-FTPD
daemon, the FTP server shipped with all versions of Red Hat Linux
Solution
For each RPM for your particular architecture, run:
rpm -Uvh filename
where filename is the name of the RPM.
9. Verification:
MD5 sum Package Name
dcd5d04df11849007aa3c4fb398cfbfb i386/wu-ftpd-2.6.0-1.i386.rpm a0b3a1a0dcfbdfd1443d0aecd960e907 alpha/wu-ftpd-2.6.0-1.alpha.rpm 7511f1f96b3044207cbe11d34f75ff7a sparc/wu-ftpd-2.6.0-1.sparc.rpm 7e30ea42e82908752b943621580f6f1c SRPMS/wu-ftpd-2.6.0-1.src.rpm
These packages are GPG signed by Red Hat Inc. for security. Our key
is available at:
You can verify each package with the following command:
rpm --checksig filename
If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
rpm --checksig --nogpg filename
Summary
Topics Covered
References
Package List
Severity
critical
Lowest
Low
Medium
High
Critical
Topic
Topics Covered
Relevant Releases Architectures
Red Hat Linux 6.1, for i386, alpha and sparc
5. Obsoleted by:
None
6. Conflicts with:
None
7. RPMs required:
Intel:
wu-ftpd-
2.6.0-1.i386.rpm
Alpha:
wu-ftpd-
2.6.0-1.alpha.rpm
SPARC:
wu-ftpd-
2.6.0-1.sparc.rpm
Source:
wu-ftpd-
2.6.0-1.src.rpm
Architecture neutral:
Bugs Fixed
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!