The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


Security Update: [CSSA-2001-SCO.36.2] REVISED: Open UNIX, UnixWare 7: wu-ftpd ftpglob() vulnerability


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
Date: Thu, 14 Feb 2002 14:36:31 -0800
From: [email protected]
To: [email protected], [email protected],
Subject: Security Update: [CSSA-2001-SCO.36.2] REVISED: Open UNIX, UnixWare 7: wu-ftpd ftpglob() vulnerability

--3lcZGd9BuhuYXNfi
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

To: [email protected] [email protected] scoannmod@xenitec.=
on.ca

___________________________________________________________________________

	    Caldera International, Inc. Security Advisory

Subject:		REVISED: Open UNIX, UnixWare 7: wu-ftpd ftpglob() vulnerability
Advisory number: 	CSSA-2001-SCO.36.2
Issue date: 		2002 February 14
Cross reference:	CSSA-2001-SCO.36, CSSA-2001-SCO.36.1
___________________________________________________________________________


1. Problem Description
=09
	[ The CSSA-2001-SCO.36.1 version of this fix did not handle
	deep recursion of directory hierarchies well ]

	[ The CSSA-2001-SCO.36 version of this fix did not handle
	braces "{" or "}" well ]
=09
	A vulnerability in the wu-ftpd ftpglob() function was found by
	the CORE ST team.  This vulnerability may be exploited to
	obtain root access on the ftp server.
  =20
	An nlist with a deeply recursive argument in an ftpd session
	consumes a very large amount of disk and CPU resources on the
	server, thus constituting a denial of service attack.


2. Vulnerable Versions

	Operating System	Version		Affected Files
	------------------------------------------------------------------
	UnixWare 7		All		/usr/sbin/in.ftpd
	Open UNIX		8.0.0		/usr/sbin/in.ftpd


3. Workaround

	None.


4. UnixWare 7, Open UNIX 8

  4.1 Location of Fixed Binaries

	ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.36.2/


  4.2 Verification

	md5 checksums:
=09
	MD5 (erg501215b.Z) =3D 5dc14febd11a88e1b58dfba93f033ea8


	md5 is available for download from

		ftp://stage.caldera.com/pub/security/tools/


  4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following commands:

	Download erg501215b.Z to /tmp
=09
	# uncompress /tmp/erg501215b.Z
	# pkgadd -d /tmp/erg501215b


5. References

	CORE-20011001: Wu-FTP glob heap corruption vulnerability
	http://www.corest.com

	CERT Advisory CA-2001-33 Multiple Vulnerabilities in WU-FTPD
	http://www.cert.org=09

	http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCAN-2001-0550

	This and other advisories are located at
		http://stage.caldera.com/support/security

	This advisory addresses Caldera Security internal incidents
	sr856023, fz519403, erg711908, erg501215.
=09

6. Disclaimer

	Caldera International, Inc. is not responsible for the misuse
	of any of the information we provide on our website and/or
	through our security advisories. Our advisories are a service
	to our customers intended to promote secure installation and
	use of Caldera International products.


7. Acknowledgements

	This vulnerability was originally reported by Matt Power of
	BindView on the vuln-dev mailing list.


___________________________________________________________________________

--3lcZGd9BuhuYXNfi
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjxsO+8ACgkQaqoBO7ipriGNzgCeNNayNJqZaP2z7ODpAuiXk5/x
RpQAn24TNsBexw0PkgmU1co/l/TzPrx1
=Z7jx
-----END PGP SIGNATURE-----

--3lcZGd9BuhuYXNfi--

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру