The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


Security Update: [CSSA-2002-SCO.23] Open UNIX 8.0.0 UnixWare 7.1.1 : ftpd allows data connection hijacking via PASV mode


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
Date: Thu, 30 May 2002 11:30:43 -0700
From: [email protected]
To: [email protected], [email protected],
Subject: Security Update: [CSSA-2002-SCO.23] Open UNIX 8.0.0 UnixWare 7.1.1 : ftpd allows data connection hijacking via PASV mode

--ikeVEW9yuYc//A+q
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

To: [email protected] [email protected] scoannmod@xenitec.=
on.ca=20

___________________________________________________________________________=
___

		Caldera International, Inc.  Security Advisory

Subject:		Open UNIX 8.0.0 UnixWare 7.1.1 : ftpd allows data connection hija=
cking via PASV mode
Advisory number: 	CSSA-2002-SCO.23
Issue date: 		2002 May 30
Cross reference:
___________________________________________________________________________=
___


1. Problem Description

	In FTP PASV mode, the client makes a control connection to the
	FTP server (typically port 21/tcp) and requests a PASV data
	connection. The server responds by listening for client
	connections on a specified port number, which is supplied to
	the client via the control connection. If an attacker can make
	a connection to the listening port before the client connects,
	the server will transmit the data to the attacker instead of
	the client.

	To exploit this vulnerability, the attacker must intercept or
	guess the port number that the server will use, then make its
	connection attempt before the client establishes a data
	connection. If the server chooses port numbers using an easily
	identifiable pattern (such as incrementally), this
	vulnerability is trivial to exploit.


2. Vulnerable Supported Versions

	System				Binaries
	----------------------------------------------------------------------
	Open UNIX 8.0.0			/usr/sbin/in.ftpd
	UnixWare 7.1.1 			/usr/sbin/in.ftpd


3. Solution

	The proper solution is to install the latest packages.


4. Open UNIX 8.0.0

	4.1 Location of Fixed Binaries

	ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.23


	4.2 Verification

	MD5 (erg501602b.pkg.Z) =3D e25467ff65349f5f388698fdd39161b5

	md5 is available for download from
		ftp://stage.caldera.com/pub/security/tools/


	4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following commands:

	Download erg501602b.pkg.Z to the /var/spool/pkg directory

	# uncompress /var/spool/pkg/erg501602b.pkg.Z
	# pkgadd -d /var/spool/pkg/erg501602b.pkg


5. UnixWare 7.1.1

	5.1 Location of Fixed Binaries

	ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.23


	5.2 Verification

	MD5 (erg501602b.pkg.Z) =3D e25467ff65349f5f388698fdd39161b5

	md5 is available for download from
		ftp://stage.caldera.com/pub/security/tools/


	5.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following commands:

	Download erg501602b.pkg.Z to the /var/spool/pkg directory

	# uncompress /var/spool/pkg/erg501602b.pkg.Z
	# pkgadd -d /var/spool/pkg/erg501602b.pkg


6. References

	Specific references for this advisory:
		http://www.kb.cert.org/vuls/id/2558

	Caldera UNIX security resources:
		http://stage.caldera.com/support/security/

	Caldera OpenLinux security resources:
		http://www.caldera.com/support/security/index.html

	This security fix closes Caldera incidents sr863902, fz520882,
	erg501602.


7. Disclaimer

	Caldera International, Inc. is not responsible for the
	misuse of any of the information we provide on this website
	and/or through our security advisories. Our advisories are
	a service to our customers intended to promote secure
	installation and use of Caldera products.

___________________________________________________________________________=
___

--ikeVEW9yuYc//A+q
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjz2b9MACgkQaqoBO7ipriHNkACdECYPA32CWHQKnSf3gB2UN9yr
7eEAniVHO/Fv4nd3xE45mgy7oAZma2VI
=OxoK
-----END PGP SIGNATURE-----

--ikeVEW9yuYc//A+q--

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру