The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


Security Update: [CSSA-2002-SCO.1] OpenServer: wu-ftpd ftpglob() vulnerability


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
Date: Thu, 10 Jan 2002 11:34:39 -0800
From: [email protected]
To: [email protected], [email protected],
Subject: Security Update: [CSSA-2002-SCO.1] OpenServer: wu-ftpd ftpglob() vulnerability

--DBIVS5p969aUjpLe
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

To: [email protected] [email protected] scoannmod@xenitec.=
on.ca


___________________________________________________________________________

	    Caldera International, Inc. Security Advisory

Subject:		OpenServer: wu-ftpd ftpglob() vulnerability
Advisory number: 	CSSA-2002-SCO.1
Issue date: 		2002 January 10
Cross reference:
___________________________________________________________________________


1. Problem Description
=09
	A vulnerability in the wu-ftpd ftpglob() function was found by
	the CORE ST team.  This vulnerability can be exploited to
	obtain root access on the ftp server.


2. Vulnerable Versions

	Operating System	Version		Affected Files
	------------------------------------------------------------------
	OpenServer		<=3D 5.0.6a	/etc/ftpd


3. Workaround

	None.


4. OpenServer

  4.1 Location of Fixed Binaries

	ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.1/


  4.2 Verification

	MD5 (erg711907.tar) =3D 577a93a058d37283037be476b9e54298


	md5 is available for download from

		ftp://stage.caldera.com/pub/security/tools/


  4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following commands:

	Download erg711907.tar to /tmp

	# cd /tmp
	# tar xvf erg711907.tar
	# custom

	Instruct custom to install from images, and supply /tmp as the
	directory of the VOL images.
	      =20

5. References

	CORE-20011001: Wu-FTP glob heap corruption vulnerability
	http://www.corest.com

	CERT Advisory CA-2001-33 Multiple Vulnerabilities in WU-FTPD
	http://www.cert.org=09

	http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCAN-2001-0550

	This and other advisories are located at
		http://stage.caldera.com/support/security

	This advisory addresses Caldera Security internal incidents
	sr856022, SCO-559-1331, erg711907.


6. Disclaimer

	Caldera International, Inc. is not responsible for the misuse
	of any of the information we provide on our website and/or
	through our security advisories. Our advisories are a service
	to our customers intended to promote secure installation and
	use of Caldera International products.


7. Acknowledgements

	This vulnerability was originally reported by Matt Power of
	BindView on the vuln-dev mailing list.

	=20
___________________________________________________________________________

--DBIVS5p969aUjpLe
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjw97M8ACgkQaqoBO7ipriFP0gCbB7bLHUD8y6wUwGNtfeWwFbIe
wWsAn3LKLjMHH82RjQ4InWoEt236qDi3
=/6aA
-----END PGP SIGNATURE-----

--DBIVS5p969aUjpLe--

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру