LinuxSecurity.com
RH6.1: wu-ftpd (RHSA-1999:043-01)
Posted by LinuxSecurity.com Team   
Various computer security groups have reported security problems in the WU-FTPD daemon, the FTP server shipped with all versions of Red Hat Linux.
 
Red Hat, Inc. Security Advisory
Package: wu-ftpd
Synopsis: Security problems in WU-FTPD
Advisory ID: RHSA-1999:043-01
Issue Date: 1999-10-21
Updated on:
Keywords: wu-ftp security remote exploit
Cross references: N/A



1. Topic:
Various computer security groups have reported security problems in the WU-FTPD daemon, the FTP server shipped with all versions of Red Hat Linux.

2. Problem description:
Three vulnerabilities have been identified in WU-FTPD and other ftp daemons based on the WU-FTPD source code.

Vulnerability #1: MAPPING_CHDIR Buffer Overflow
Vulnerability #2: Message File Buffer Overflow

Remote and local intruders may be able to exploit these vulnerabilities to execute arbitrary code as the user running the ftpd daemon, usually root.

Vulnerability #3: SITE NEWER Consumes Memory

Remote and local intruders who can connect to the FTP server can cause the server to consume excessive amounts of memory, preventing normal system operation. If intruders can create files on the system, they may be able to exploit this vulnerability to execute arbitrary code as the user running the ftpd daemon, usually root.

3. Bug IDs fixed: (http://developer.redhat.com/bugzilla for more info)
N/A

4. Relevant releases/architectures:
Red Hat Linux 6.1, for i386, alpha and sparc

5. Obsoleted by:
None

6. Conflicts with:
None

7. RPMs required:

Intel:

ftp://updates.redhat.com/6.1/i386/

wu-ftpd-2.6.0-1.i386.rpm

Alpha:

ftp://updates.redhat.com/6.0/alpha

wu-ftpd-2.6.0-1.alpha.rpm

SPARC:

ftp://updates.redhat.com/6.0/sparc

wu-ftpd-2.6.0-1.sparc.rpm

Source:

ftp://updates.redhat.com/6.1/SRPMS

wu-ftpd-2.6.0-1.src.rpm

Architecture neutral:

ftp://updates.redhat.com/6.1/noarch/

8. Solution:
For each RPM for your particular architecture, run:

rpm -Uvh filename

where filename is the name of the RPM.

9. Verification:


 MD5 sum                           Package Name

 -------------------------------------------------------------------------
dcd5d04df11849007aa3c4fb398cfbfb  i386/wu-ftpd-2.6.0-1.i386.rpm
a0b3a1a0dcfbdfd1443d0aecd960e907  alpha/wu-ftpd-2.6.0-1.alpha.rpm
7511f1f96b3044207cbe11d34f75ff7a  sparc/wu-ftpd-2.6.0-1.sparc.rpm
7e30ea42e82908752b943621580f6f1c  SRPMS/wu-ftpd-2.6.0-1.src.rpm


 
These packages are GPG signed by Red Hat Inc. for security. Our key is available at: http://www.redhat.com/corp/contact.html

You can verify each package with the following command:

rpm --checksig filename

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:

rpm --checksig --nogpg filename
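
The install and verification steps from sections 8 and 9, combined into one script as an added example (not part of the Red Hat advisory): each downloaded package is compared against the MD5 sums published in the table above, then checked with rpm --checksig, and only if every package passes is rpm -Uvh run. The function names are this example's own, and it assumes md5sum and awk are installed.

```shell
#!/bin/sh
# Added example, not part of the Red Hat advisory.
# MD5 sums copied verbatim from the table in section 9.
ADVISORY_SUMS='dcd5d04df11849007aa3c4fb398cfbfb  i386/wu-ftpd-2.6.0-1.i386.rpm
a0b3a1a0dcfbdfd1443d0aecd960e907  alpha/wu-ftpd-2.6.0-1.alpha.rpm
7511f1f96b3044207cbe11d34f75ff7a  sparc/wu-ftpd-2.6.0-1.sparc.rpm
7e30ea42e82908752b943621580f6f1c  SRPMS/wu-ftpd-2.6.0-1.src.rpm'

# expected_md5 NAME: print the advisory's sum for a package file name
# (directory prefix in the table ignored); prints nothing if unlisted.
expected_md5() {
    printf '%s\n' "$ADVISORY_SUMS" |
        awk -v f="$1" '{ n = $2; sub(/.*\//, "", n); if (n == f) print $1 }'
}

# check_sum FILE EXPECTED: succeed only if FILE's MD5 equals EXPECTED.
# An empty EXPECTED (package not in the advisory) always fails.
check_sum() {
    [ -n "$2" ] && [ "$(md5sum "$1" 2>/dev/null | awk '{ print $1 }')" = "$2" ]
}

# verify_and_install FILE...: check every package first, install only
# if all of them pass, so a bad download never leads to a partial upgrade.
verify_and_install() {
    for pkg in "$@"; do
        want=$(expected_md5 "$(basename "$pkg")")
        check_sum "$pkg" "$want" ||
            { echo "FAIL $pkg: MD5 does not match advisory" >&2; return 1; }
        # GPG signature check; needs Red Hat's public key imported.
        rpm --checksig "$pkg" ||
            { echo "FAIL $pkg: rpm --checksig failed" >&2; return 1; }
    done
    for pkg in "$@"; do
        rpm -Uvh "$pkg" || return 1
    done
}

# Usage: sh script.sh wu-ftpd-2.6.0-1.i386.rpm
if [ "$#" -gt 0 ]; then
    verify_and_install "$@"
fi
```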

10. References:


 