*ALERT* UPDATED BID 3581 (URGENCY 8.2): Wu-Ftpd File Globbing Heap
Corruption Vulnerability
Kevin Brown
plug-discuss@lists.PLUG.phoenix.az.us
Fri, 30 Nov 2001 20:28:54 -0700
Article on Slashdot two days ago talked about RedHat releasing an advisory ahead
of time. As opposed to waiting for the vendors to come up with a fix then
release the advisory and fix.
Personally I would prefer that vendors like Redhat release an advisory on
something like this once they have verification that it is a real hole and not
some hoak or accident. At least then those of us in the real world that are
using Wuftpd could at least know that it is a security risk and turn it off till
the fix is out, or switch to a different product.
Nancy Sollars wrote:
>
> Being WU-ftpd its proly true and you must be a right muppet to have it
> running anyway
>
> use Pro or Pure ftp people.
>
> Nige
>
> > --------------------------------------------------------------------------
> -
> > > Security Alert
> > >
> > > Subject: Wu-Ftpd File Globbing Heap Corruption
> > > Vulnerability
> > > BUGTRAQ ID: 3581 CVE ID:
> > > CAN-2001-0550
> > > Published: Nov 27, 2001 Updated:
> > > Nov 30, 2001 00:19:10
> > >
> > > Remote: Yes Local:
> > > No
> > > Availability: Always Authentication:
> > > Not Required
> > > Credibility: Vendor Confirmed Ease:
> > > No Exploit Available
> > > Class: Failure to Handle Exceptional
> > > Conditions
> > >
> > > Impact: 10.0 Severity: 10.0
> > > Urgency: 8.2
> > >
> > > Last Change: Wirex Immunix advisory released,
> > > updated packages available.
> > >
> > --------------------------------------------------------------------------
> -
> > >
> > > Vulnerable Systems:
> > >
> > > David Madore ftpd-BSD 0.3.3
> > > David Madore ftpd-BSD 0.3.2
> > > Washington University wu-ftpd 2.6.1
> > > + Caldera eDesktop 2.4
> > > + Caldera eServer 2.3.1
> > > + Caldera OpenLinux 2.3
> > > + Caldera OpenLinux Server 3.1
> > > + Cobalt Qube 1.0
> > > + Conectiva Linux 7.0
> > > + Conectiva Linux 6.0
> > > + MandrakeSoft Corporate Server 1.0.1
> > > + MandrakeSoft Linux Mandrake 8.1
> > > + MandrakeSoft Linux Mandrake 8.0 ppc
> > > + MandrakeSoft Linux Mandrake 8.0
> > > + MandrakeSoft Linux Mandrake 7.2
> > > + MandrakeSoft Linux Mandrake 7.1
> > > + MandrakeSoft Linux Mandrake 7.0
> > > + MandrakeSoft Linux Mandrake 6.1
> > > + MandrakeSoft Linux Mandrake 6.0
> > > + RedHat Linux 7.2 noarch
> > > + RedHat Linux 7.2 ia64
> > > + RedHat Linux 7.2 i686
> > > + RedHat Linux 7.2 i586
> > > + RedHat Linux 7.2 i386
> > > + RedHat Linux 7.2 athlon
> > > + RedHat Linux 7.2 alpha
> > > + RedHat Linux 7.1 noarch
> > > + RedHat Linux 7.1 ia64
> > > + RedHat Linux 7.1 i686
> > > + RedHat Linux 7.1 i586
> > > + RedHat Linux 7.1 i386
> > > + RedHat Linux 7.1 alpha
> > > + RedHat Linux 7.0 sparc
> > > + RedHat Linux 7.0 i386
> > > + RedHat Linux 7.0 alpha
> > > + TurboLinux TL Workstation 6.1
> > > + TurboLinux Turbo Linux 6.0.5
> > > + TurboLinux Turbo Linux 6.0.4
> > > + TurboLinux Turbo Linux 6.0.3
> > > + TurboLinux Turbo Linux 6.0.2
> > > + TurboLinux Turbo Linux 6.0.1
> > > + TurboLinux Turbo Linux 6.0
> > > + Wirex Immunix OS 7.0-Beta
> > > + Wirex Immunix OS 7.0
> > > Washington University wu-ftpd 2.6.0
> > > + Cobalt Qube 1.0
> > > + Conectiva Linux 5.1
> > > + Conectiva Linux 5.0
> > > + Conectiva Linux 4.2
> > > + Conectiva Linux 4.1
> > > + Conectiva Linux 4.0es
> > > + Conectiva Linux 4.0
> > > + Debian Linux 2.2 sparc
> > > + Debian Linux 2.2 powerpc
> > > + Debian Linux 2.2 arm
> > > + Debian Linux 2.2 alpha
> > > + Debian Linux 2.2 68k
> > > + Debian Linux 2.2
> > > + RedHat Linux 6.2 sparc
> > > + RedHat Linux 6.2 i386
> > > + RedHat Linux 6.2 alpha
> > > + RedHat Linux 6.1 sparc
> > > + RedHat Linux 6.1 i386
> > > + RedHat Linux 6.1 alpha
> > > + RedHat Linux 6.0 sparc
> > > + RedHat Linux 6.0 i386
> > > + RedHat Linux 6.0 alpha
> > > + RedHat Linux 5.2 sparc
> > > + RedHat Linux 5.2 i386
> > > + RedHat Linux 5.2 alpha
> > > + S.u.S.E. Linux 7.3sparc
> > > + S.u.S.E. Linux 7.3ppc
> > > + S.u.S.E. Linux 7.3i386
> > > + S.u.S.E. Linux 7.2i386
> > > + S.u.S.E. Linux 7.1x86
> > > + S.u.S.E. Linux 7.1sparc
> > > + S.u.S.E. Linux 7.1ppc
> > > + S.u.S.E. Linux 7.1alpha
> > > + S.u.S.E. Linux 7.0sparc
> > > + S.u.S.E. Linux 7.0ppc
> > > + S.u.S.E. Linux 7.0i386
> > > + S.u.S.E. Linux 7.0alpha
> > > + S.u.S.E. Linux 6.4ppc
> > > + S.u.S.E. Linux 6.4alpha
> > > + S.u.S.E. Linux 6.4
> > > + S.u.S.E. Linux 6.3 ppc
> > > + S.u.S.E. Linux 6.3 alpha
> > > + S.u.S.E. Linux 6.3
> > > + S.u.S.E. Linux 6.2
> > > + S.u.S.E. Linux 6.1 alpha
> > > + S.u.S.E. Linux 6.1
> > > + TurboLinux Turbo Linux 4.0
> > > + Wirex Immunix OS 6.2
> > > Washington University wu-ftpd 2.5.0
> > > + Caldera eDesktop 2.4
> > > + Caldera eServer 2.3.1
> > > + Caldera eServer 2.3
> > > + Caldera OpenLinux 2.4
> > > + Caldera OpenLinux Desktop 2.3
> > > + RedHat Linux 6.0 sparc
> > > + RedHat Linux 6.0 i386
> > > + RedHat Linux 6.0 alpha
> > >
> > >
> > > Summary:
> > >
> > > Wu-Ftpd contains a remotely exploitable heap
> > > corruption bug.
> > >
> > > Impact:
> > >
> > > A remote attacker may execute arbitrary code on
> > > the vulnerable server.
> > >
> > > Technical Description:
> > >
> > > Wu-Ftpd is an ftp server based on the BSD ftpd
> > > that is maintained by
> > > Washington University.
> > >
> > > Wu-Ftpd allows for clients to organize files for
> > > ftp actions based on
> > > "file globbing" patterns. File globbing is
> > > also used by various
> > > shells. The implementation of file globbing
> > > included in Wu-Ftpd
> > > contains a heap corruption vulnerability that may
> > > allow for an attacker
> > > to execute arbitrary code on a server remotely.
> > >
> > > During the processing of a globbing pattern, the
> > > Wu-Ftpd implementation
> > > creates a list of the files that match. The
> > > memory where this data is
> > > stored is on the heap, allocated using malloc().
> > > The globbing function
> > > simply returns a pointer to the list. It is
> > > up to the calling
> > > functions to free the allocated memory.
> > >
> > > If an error occurs processing the pattern, memory
> > > will not be allocated
> > > and a variable indicating this should be set.
> > > The calling functions
> > > must check the value of this variable before
> > > attempting to use the
> > > globbed filenames (and later freeing the memory).
> > >
> > > Under certain circumstances, the globbing function
> > > does not set this
> > > variable when an error occurs. As a result of
> > > this, Wu-Ftpd will
> > > eventually attempt to free uninitialized memory.
> > >
> > > If this region of memory contained
> > > user-controllable data before the
> > > free call, it may be possible to have an
> > > arbitrary word in memory
> > > overwritten with an arbitrary value. This can
> > > lead to execution of
> > > arbitrary code if function pointers or
> > > return addresses are
> > > overwritten.
> > >
> > > If anonymous FTP is not enabled, valid user
> > > credentials are required to
> > > exploit this vulnerability.
> > >
> > > This vulnerability was initially scheduled for
> > > public release on
> > > December 3, 2001. However, Red Hat has made
> > > details public as of
> > > November 27, 2001. As a result, we are forced to
> > > warn other users of
> > > the vulnerable product, so that they may take
> > > appropriate actions.
> > >
> > > Attack Scenarios:
> > >
> > > To exploit this vulnerability, an attacker must
> > > have either valid
> > > credentials required to log in as an FTP user, or
> > > anonymous access must
> > > be enabled.
> > >
> > > The attacker must ensure that a maliciously
> > > constructed malloc header
> > > containing the target address and it's replacement
> > > value are in the
> > > right location in the uninitialized part of the
> > > heap. The attacker
> > > must also place shellcode in server process
> > > memory.
> > >
> > > The attacker must send an FTP command containing
> > > a specific globbing
> > > pattern that does not set the error variable.
> > >
> > > When the server attempts to free the memory used
> > > to store the globbed
> > > filenames, the target word in memory will be
> > > overwritten.
> > >
> > > If an attacker overwrites a function pointer or
> > > return address with a
> > > pointer to the shellcode, it may be executed by
> > > the server process.
> > >
> > > Exploits:
> > >
> > > The following (from the CORE advisory)
> > > demonstrates the existence of
> > > this vulnerability:
> > >
> > > ftp> open localhost
> > > Connected to localhost (127.0.0.1).
> > > 220 sasha FTP server (Version wu-2.6.1-18)
> > > ready.
> > > Name (localhost:root): anonymous
> > > 331 Guest login ok, send your complete e-mail
> > > address as password.
> > > Password:
> > > 230 Guest login ok, access restrictions apply.
> > > Remote system type is UNIX.
> > > Using binary mode to transfer files.
> > > ftp> ls ~{
> > > 227 Entering Passive Mode (127,0,0,1,241,205)
> > > 421 Service not available, remote server has
> > > closed connection
> > >
> > > 1405 ? S 0:00 ftpd: accepting
> > > connections on port 21
> > > 7611 tty3 S 1:29 gdb /usr/sbin/wu.ftpd
> > > 26256 ? S
> > > 0:00 ftpd:
> > > sasha:anonymous/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
> > > 26265 tty3 R 0:00 bash -c ps ax | grep
> > > ftpd
> > > (gdb) at 26256
> > > Attaching to program: /usr/sbin/wu.ftpd, process
> > > 26256
> > > Symbols already loaded for /lib/libcrypt.so.1
> > > Symbols already loaded for /lib/libnsl.so.1
> > > Symbols already loaded for /lib/libresolv.so.2
> > > Symbols already loaded for /lib/libpam.so.0
> > > Symbols already loaded for /lib/libdl.so.2
> > > Symbols already loaded for /lib/i686/libc.so.6
> > > Symbols already loaded for /lib/ld-linux.so.2
> > > Symbols already loaded for
> > > /lib/libnss_files.so.2
> > > Symbols already loaded for
> > > /lib/libnss_nisplus.so.2
> > > Symbols already loaded for /lib/libnss_nis.so.2
> > > 0x40165544 in __libc_read () from
> > > /lib/i686/libc.so.6
> > > (gdb) c
> > > Continuing.
> > >
> > > Program received signal SIGSEGV, Segmentation
> > > fault.
> > > __libc_free (mem=0x61616161) at malloc.c:3136
> > > 3136 in malloc.c
> > >
> > > Currently the SecurityFocus staff are not aware
> > > of any exploits for
> > > this issue. If you feel we are in error or are
> > > aware of more recent
> > > information, please mail us at:
> > > vuldb@securityfocus.com
> > > <mailto:vuldb@securityfocus.com>
> > >
> > > Mitigating Strategies:
> > >
> > > This vulnerability is remotely exploitable.
> > > Restricting access to the
> > > network port, (TCP port 21 is standard for FTP),
> > > will block clients
> > > from unauthorized networks.
> > >
> > > With some operating systems, anonymous FTP is
> > > enabled by default.
> > > Anonymous FTP is often in use on public FTP sites,
> > > most often software
> > > repositories. It is basically a guest account
> > > with access to download
> > > files from within a restricted environment.
> > > This vulnerability is
> > > exploitable by clients logged in through anonymous
> > > FTP. Anonymous FTP
> > > should be disabled immediately until fixes are
> > > available, as it would
> > > allow any host on the Internet who can connect
> > > to the service to
> > > exploit this vulnerability. It is a good idea to
> > > disable it normally
> > > unless it is absolutely necessary (in which case
> > > the FTP server should
> > > be on a dedicated, isolated host).
> > >
> > > Stack and other memory protection
> > > schemes may complicate
> > > exploitability, and/or prevent commonly
> > > available exploits from
> > > working. This should not be relied upon
> > > for security. This
> > > vulnerability involves 'poking' words in memory.
> > > This means that there
> > > are many different ways that it may be exploited.
> > > Making the stack
> > > non-executable or checking the integrity of stack
> > > variables may not be
> > > enough to prevent all possibile methods of
> > > exploitation.
> > >
> > > It is advised to disable the service and use
> > > alternatives until fixes
> > > are available.
> > >
> > > Solutions:
> > >
> > > Vendor notified on Nov 14, 2001.
> > >
> > > Fixes will be available from the author as well
> > > as from vendors who
> > > ship products that include Wu-Ftpd as core or
> > > optional components.
> > >
> > > This vulnerability was initially scheduled for
> > > public release on
> > > December 3, 2001. Red Hat pre-emptively
> > > released an advisory on
> > > November 27, 2001. As a result, other vendors may
> > > not yet have fixes
> > > available.
> > >
> > > This record will be updated as fixes from
> > > various vendors become
> > > available.
> > >
> > > For Washington University wu-ftpd 2.6.0:
> > >
> > > SuSE Upgrade 7.3 i386 wuftpd-2.6.0-344.i386.rpm
> > >
> > >
> > ftp://ftp.suse.com/pub/suse/i386/update/7.3/n2/wuftpd-2.6.0-344.i386.
> > > rpm
> > >
> > > SuSE Upgrade 7.2 i386 wuftpd-2.6.0-344.i386.rpm
> > >
> > >
> > ftp://ftp.suse.com/pub/suse/i386/update/7.2/n2/wuftpd-2.6.0-344.i386.
> > > rpm
> > >
> > > SuSE Upgrade 7.1 i386 wuftpd-2.6.0-346.i386.rpm
> > >
> > >
> > ftp://ftp.suse.com/pub/suse/i386/update/7.1/n2/wuftpd-2.6.0-346.i386.
> > > rpm
> > >
> > > SuSE Upgrade 7.0 i386 wuftpd-2.6.0-344.i386.rpm
> > >
> > >
> > ftp://ftp.suse.com/pub/suse/i386/update/7.0/n1/wuftpd-2.6.0-344.i386.
> > > rpm
> > >
> > > SuSE Upgrade 6.4 i386 wuftpd-2.6.0-344.i386.rpm
> > >
> > >
> > ftp://ftp.suse.com/pub/suse/i386/update/6.4/n1/wuftpd-2.6.0-344.i386.
> > > rpm
> > >
> > > SuSE Upgrade 6.3 i386 wuftpd-2.6.0-347.i386.rpm
> > >
> > >
> > ftp://ftp.suse.com/pub/suse/i386/update/6.3/n1/wuftpd-2.6.0-347.i386.
> > > rpm
> > >
> > > SuSE Upgrade 7.3 sparc
> > > wuftpd-2.6.0-240.sparc.rpm
> > >
> > >
> > ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n2/wuftpd-2.6.0-240.spar
> > > c.rpm
> > >
> > > SuSE Upgrade 7.1 sparc
> > > wuftpd-2.6.0-242.sparc.rpm
> > >
> > >
> > ftp://ftp.suse.com/pub/suse/sparc/update/7.1/n2/wuftpd-2.6.0-242.spar
> > > c.rpm
> > >
> > > SuSE Upgrade 7.0 sparc
> > > wuftpd-2.6.0-241.sparc.rpm
> > >
> > >
> > ftp://ftp.suse.com/pub/suse/sparc/update/7.0/n1/wuftpd-2.6.0-241.spar
> > > c.rpm
> > >
> > > SuSE Upgrade 7.1 alpha
> > > wuftpd-2.6.0-252.alpha.rpm
> > >
> > >
> > ftp://ftp.suse.com/pub/suse/axp/update/7.1/n2/wuftpd-2.6.0-252.alpha.
> > > rpm
> > >
> > > SuSE Upgrade 7.0 alpha
> > > wuftpd-2.6.0-251.alpha.rpm
> > >
> > >
> > ftp://ftp.suse.com/pub/suse/axp/update/7.0/n1/wuftpd-2.6.0-251.alpha.
> > > rpm
> > >
> > > SuSE Upgrade 6.4 alpha
> > > wuftpd-2.6.0-251.alpha.rpm
> > >
> > >
> > ftp://ftp.suse.com/pub/suse/axp/update/6.4/n1/wuftpd-2.6.0-251.alpha.
> > > rpm
> > >
> > > SuSE Upgrade 6.3 alpha
> > > wuftpd-2.6.0-250.alpha.rpm
> > >
> > >
> > ftp://ftp.suse.com/pub/suse/axp/update/6.3/n1/wuftpd-2.6.0-250.alpha.
> > > rpm
> > >
> > > SuSE Upgrade 7.3 ppc wuftpd-2.6.0-277.ppc.rpm
> > >
> > >
> > ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n2/wuftpd-2.6.0-277.ppc.rp
> > > m
> > >
> > > SuSE Upgrade 7.1 ppc wuftpd-2.6.0-277.ppc.rpm
> > >
> > >
> > ftp://ftp.suse.com/pub/suse/ppc/update/7.1/n2/wuftpd-2.6.0-277.ppc.rp
> > > m
> > >
> > > SuSE Upgrade 7.0 ppc wuftpd-2.6.0-279.ppc.rpm
> > >
> > >
> > ftp://ftp.suse.com/pub/suse/ppc/update/7.0/n1/wuftpd-2.6.0-279.ppc.rp
> > > m
> > >
> > > SuSE Upgrade 6.4 ppc wuftpd-2.6.0-278.ppc.rpm
> > >
> > >
> > ftp://ftp.suse.com/pub/suse/ppc/update/6.4/n1/wuftpd-2.6.0-278.ppc.rp
> > > m
> > >
> > > For Washington University wu-ftpd 2.6.1:
> > >
> > > Red Hat RPM 6.2 alpha
> > > wu-ftpd-2.6.1-0.6x.21.alpha.rpm
> > >
> > >
> > ftp://updates.redhat.com/6.2/en/os/alpha/wu-ftpd-2.6.1-0.6x.21.alpha.
> > > rpm
> > >
> > > Red Hat RPM 6.2 sparc
> > > wu-ftpd-2.6.1-0.6x.21.sparc.rpm
> > >
> > >
> > ftp://updates.redhat.com/6.2/en/os/sparc/wu-ftpd-2.6.1-0.6x.21.sparc.
> > > rpm
> > >
> > > Caldera RPM OpenLinux 2.3
> > > wu-ftpd-2.6.1-13OL.i386.rpm
> > >
> > >
> > ftp://ftp.caldera.com/pub/updates/OpenLinux/2.3/current/RPMS/wu-ftpd-
> > > 2.6.1-13OL.i386.rpm
> > >
> > > Caldera RPM eServer 2.3.1
> > > wu-ftpd-2.6.1-13OL.i386.rpm
> > >
> > >
> > ftp://ftp.caldera.com/pub/updates/eServer/2.3/current/RPMS/wu-ftpd-2.
> > > 6.1-13OL.i386.rpm
> > >
> > > Caldera RPM eDesktop 2.4
> > > wu-ftpd-2.6.1-13OL.i386.rpm
> > >
> > >
> > ftp://ftp.caldera.com/pub/updates/eDesktop/2.4/current/RPMS/wu-ftpd-2
> > > .6.1-13OL.i386.rpm
> > >
> > > Caldera RPM OpenLinux 3.1 Server
> > > wu-ftpd-2.6.1-13.i386.rpm
> > >
> > >
> > ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS/w
> > > u-ftpd-2.6.1-13.i386.rpm
> > >
> > > Wirex Upgrade Immunix 7.0 i386
> > > wu-ftpd-2.6.1-6_imnx_4.i386.rpm
> > >
> > >
> > http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/wu-ftpd-2.6.1-
> > > 6_imnx_4.i386.rpm
> > >
> > > Red Hat RPM 7.0 alpha
> > > wu-ftpd-2.6.1-16.7x.1.alpha.rpm
> > >
> > >
> > ftp://updates.redhat.com/7.0/en/os/alpha/wu-ftpd-2.6.1-16.7x.1.alpha.
> > > rpm
> > >
> > > Red Hat RPM 7.0 i386
> > > wu-ftpd-2.6.1-16.7x.1.i386.rpm
> > >
> > >
> > ftp://updates.redhat.com/7.0/en/os/i386/wu-ftpd-2.6.1-16.7x.1.i386.rp
> > > m
> > >
> > > Red Hat RPM 7.1 alpha
> > > wu-ftpd-2.6.1-16.7x.1.alpha.rpm
> > >
> > >
> > ftp://updates.redhat.com/7.1/en/os/alpha/wu-ftpd-2.6.1-16.7x.1.alpha.
> > > rpm
> > >
> > > Red Hat RPM 7.1 i386
> > > wu-ftpd-2.6.1-16.7x.1.i386.rpm
> > >
> > >
> > ftp://updates.redhat.com/7.1/en/os/i386/wu-ftpd-2.6.1-16.7x.1.i386.rp
> > > m
> > >
> > > Red Hat RPM 7.1 ia64
> > > wu-ftpd-2.6.1-16.7x.1.ia64.rpm
> > >
> > >
> > ftp://updates.redhat.com/7.1/en/os/ia64/wu-ftpd-2.6.1-16.7x.1.ia64.rp
> > > m
> > >
> > > Red Hat RPM 7.2 i386 wu-ftpd-2.6.1-20.i386.rpm
> > >
> > >
> > ftp://updates.redhat.com/7.2/en/os/i386/wu-ftpd-2.6.1-20.i386.rpm
> > >
> > > Red Hat RPM 6.2 i386
> > > wu-ftpd-2.6.1-0.6x.21.i386.rpm
> > >
> > >
> > ftp://updates.redhat.com/6.2/en/os/i386/wu-ftpd-2.6.1-0.6x.21.i386.rp
> > > m
> > >
> > > Credit:
> > >
> > > Condition first reported by Matt Power.
> > > Exploitability later confirmed
> > > by Luciano Notarfrancesco and Juan Pablo
> > > Martinez Kuhn from Core
> > > Security Technologies, Buenos Aires, Argentina.
> > >
> > > References:
> > >
> > > advisory:
> > > Caldera CSSA-2001-041.0: Linux - Vulnerability in
> > > wu-ftpd
> > > http://www.securityfocus.com/advisories/3693
> > >
> > > advisory:
> > > Immunix IMNX-2001-70-036-01: wu-ftpd
> > > http://www.securityfocus.com/advisories/3696
> > >
> > > advisory:
> > > RedHat RHSA-2001:157-06: Updated wu-ftpd packages
> > > are available
> > > http://www.securityfocus.com/advisories/3680
> > >
> > > advisory:
> > > SuSE SuSE-SA:2001:043: wuftpd
> > > http://www.securityfocus.com/advisories/3691
> > >
> > > web page:
> > > CORE SDI Homepage (CORE)
> > > http://www.core-sdi.com
> > >
> > > web page:
> > > Wu-Ftpd Homepage (Washington University)
> > > http://www.wu-ftpd.org
> > >
> > > ChangeLog:
> > >
> > > Nov 30, 2001: Wirex Immunix advisory released,
> > > updated packages
> > > available.
> > > Nov 29, 2001: SUSE and Caldera fixes available;
> > > some versions of BSD
> > > FTPD may also be vulnerable.
> > > Nov 26, 2001: Initial analysis.
> > >
> > >
> > --------------------------------------------------------------------------
> -
> > >
> > > HOW TO INTERPRET THIS ALERT
> > >
> > > BUGTRAQ ID: This is a unique
> > > identifier assigned to the
> > > vulnerability by
> > > SecurityFocus.com.
> > >
> > > CVE ID: This is a unique
> > > identifier assigned to the
> > > vulnerability by the CVE.
> > >
> > > Published: The date the vulnerability
> > > was first made public.
> > >
> > > Updated: The date the information was
> > > last updated.
> > >
> > > Remote: Whether this is a
> > > remotely exploitable
> > > vulnerability.
> > >
> > > Local: Whether this is a
> > > locally exploitable
> > > vulnerability.
> > >
> > > Credibility: Describes how credible the
> > > information about the
> > > vulnerability is. Possible
> > > values are:
> > >
> > > Conflicting Reports: The are
> > > multiple conflicting
> > > about the existance of the
> > > vulnerability.
> > >
> > > Single Source: There is
> > > a single non-reliable
> > > source reporting the
> > > existence of the
> > > vulnerability.
> > >
> > > Reliable Source: There is a
> > > single reliable source
> > > reporting the existence of
> > > the vulnerability.
> > >
> > > Conflicting Details: There
> > > is consensus on the
> > > existence of the
> > > vulnerability but not it's
> > > details.
> > >
> > > Multiple Sources: There
> > > is consensus on the
> > > existence and details of the
> > > vulnerability.
> > >
> > > Vendor Confirmed: The
> > > vendor has confirmed the
> > > vulnerability.
> > >
> > > Class: The class of vulnerability.
> > > Possible values are:
> > > Boundary Condition Error,
> > > Access Validation Error,
> > > Origin Validation Error,
> > > Input Valiadtion Error,
> > > Failure to Handle
> > > Exceptional Conditions, Race
> > > Condition Error,
> > > Serialization Error, Atomicity
> > > Error, Environment Error,
> > > and Configuration Error.
> > >
> > > Ease: Rates how easiliy the
> > > vulnerability can be
> > > exploited. Possible
> > > values are: No Exploit
> > > Available, Exploit
> > > Available, and No Exploit
> > > Required.
> > >
> > > Impact: Rates the impact of the
> > > vulnerability. It's range
> > > is 1 through 10.
> > >
> > > Severity: Rates the severity of the
> > > vulnerability. It's range
> > > is 1 through 10. It's
> > > computed from the impact
> > > rating and remote flag.
> > > Remote vulnerabiliteis with
> > > a high impact rating
> > > receive a high severity
> > > rating. Local
> > > vulnerabilities with a low impact
> > > rating receive a low
> > > severity rating.
> > >
> > > Urgency: Rates how quickly you should
> > > take action to fix or
> > > mitigate the vulnerability.
> > > It's range is 1 through
> > > 10. It's computed from the
> > > severity rating, the
> > > ease rating, and the
> > > credibility rating. High
> > > severity vulnerabilities
> > > with a high ease rating,
> > > and a high confidence rating
> > > have a higher urgency
> > > rating. Low severity
> > > vulnerabilities with a low
> > > ease rating, and a low
> > > confidence rating have a
> > > lower urgency rating.
> > >
> > > Last Change: The last change made
> > > to the vulnerability
> > > information.
> > >
> > > Vulnerable Systems: The list of vulnerable
> > > systems. A '+' preceding a
> > > system name indicates
> > > that one of the system
> > > components is vulnerable
> > > vulnerable. For example,
> > > Windows 98 ships with
> > > Internet Explorer. So if a
> > > vulnerability is found in IE
> > > you may see something
> > > like: Microsoft Internet
> > > Explorer + Microsoft
> > > Windows 98
> > >
> > > Non-Vulnerable Systems: The list of non-vulnerable
> > > systems.
> > >
> > > Summary: A concise summary of the
> > > vulnerability.
> > >
> > > Impact: The impact of the
> > > vulnerability.
> > >
> > > Technical Description: The in-depth description of
> > > the vulnerability.
> > >
> > > Attack Scenarios: Ways an attacker may make
> > > use of the vulnerability.
> > >
> > > Exploits: Exploit intructions or
> > > programs.
> > >
> > > Mitigating Strategies: Ways to mitigate the
> > > vulnerability.
> > >
> > > Solutions: Solutions to the
> > > vulnerability.
> > >
> > > Credit: Information about who
> > > disclosed the vulnerability.
> > >
> > > References: Sources of information on
> > > the vulnerability.
> > >
> > > Related Resources: Resources that might be of
> > > additional value.
> > >
> > > ChangeLog: History of changes to the
> > > vulnerability record.
> > >
> > >
> > --------------------------------------------------------------------------
> -
> > >
> > > Copyright 2001
> > > SecurityFocus.com
> > >
> > >
> > >
> > >
> > >
> > > ----------
> > > SecurityFocus - the leading provider of Security
> > > Intelligence Services for
> > > business.
> > > Visit our website at www.securityfocus.com
> > >
> > > EnvoyWorldWide, Inc.
> > > Business-Critical Communications for the wired and
> > > wireless world.
> > > Visit our website at www.envoyww.com
> >
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Buy the perfect holiday gifts at Yahoo! Shopping.
> > http://shopping.yahoo.com
> > ________________________________________________
> > See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't
> post to the list quickly and you use Netscape to write mail.
> >
> > PLUG-discuss mailing list - PLUG-discuss@lists.PLUG.phoenix.az.us
> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> >
>
> ________________________________________________
> See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail.
>
> PLUG-discuss mailing list - PLUG-discuss@lists.PLUG.phoenix.az.us
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss