*ALERT* UPDATED BID 3581 (URGENCY 8.2): Wu-Ftpd File Globbing Heap Corruption Vulnerability
Nancy Sollars
plug-discuss@lists.PLUG.phoenix.az.us
Fri, 30 Nov 2001 20:38:03 -0700
well i think its only RH now that has WU on their distro i know slack has
PROftp, i think SuSE follow'd suit cause of the severe lack of security in
WUftpd especially where local exploits were concern'd.
back in the UK I did build Wuftpd from source with a bounds attack fixed
gcc, i also had the openwall and hap patches in my kernel to stop outside
interference but even then i still did not feel secure having WU ftpd
running.
ok it may be that im paranoid so sue me ;P
Nige
----- Original Message -----
From: "Kevin Brown" <kevin_brown@qwest.net>
To: <plug-discuss@lists.PLUG.phoenix.az.us>
Sent: Friday, November 30, 2001 8:28 PM
Subject: Re: *ALERT* UPDATED BID 3581 (URGENCY 8.2): Wu-Ftpd File Globbing
Heap Corruption Vulnerability
> Article on Slashdot two days ago talked about RedHat releasing an advisory
ahead
> of time. As opposed to waiting for the vendors to come up with a fix then
> release the advisory and fix.
>
> Personally I would prefer that vendors like Redhat release an advisory on
> something like this once they have verification that it is a real hole and
not
> some hoak or accident. At least then those of us in the real world that
are
> using Wuftpd could at least know that it is a security risk and turn it
off till
> the fix is out, or switch to a different product.
>
> Nancy Sollars wrote:
> >
> > Being WU-ftpd its proly true and you must be a right muppet to have it
> > running anyway
> >
> > use Pro or Pure ftp people.
> >
> > Nige
> >
> >
> --------------------------------------------------------------------------
> > -
> > > > Security Alert
> > > >
> > > > Subject: Wu-Ftpd File Globbing Heap Corruption
> > > > Vulnerability
> > > > BUGTRAQ ID: 3581 CVE ID:
> > > > CAN-2001-0550
> > > > Published: Nov 27, 2001 Updated:
> > > > Nov 30, 2001 00:19:10
> > > >
> > > > Remote: Yes Local:
> > > > No
> > > > Availability: Always Authentication:
> > > > Not Required
> > > > Credibility: Vendor Confirmed Ease:
> > > > No Exploit Available
> > > > Class: Failure to Handle Exceptional
> > > > Conditions
> > > >
> > > > Impact: 10.0 Severity: 10.0
> > > > Urgency: 8.2
> > > >
> > > > Last Change: Wirex Immunix advisory released,
> > > > updated packages available.
> > > >
> >
> --------------------------------------------------------------------------
> > -
> > > >
> > > > Vulnerable Systems:
> > > >
> > > > David Madore ftpd-BSD 0.3.3
> > > > David Madore ftpd-BSD 0.3.2
> > > > Washington University wu-ftpd 2.6.1
> > > > + Caldera eDesktop 2.4
> > > > + Caldera eServer 2.3.1
> > > > + Caldera OpenLinux 2.3
> > > > + Caldera OpenLinux Server 3.1
> > > > + Cobalt Qube 1.0
> > > > + Conectiva Linux 7.0
> > > > + Conectiva Linux 6.0
> > > > + MandrakeSoft Corporate Server 1.0.1
> > > > + MandrakeSoft Linux Mandrake 8.1
> > > > + MandrakeSoft Linux Mandrake 8.0 ppc
> > > > + MandrakeSoft Linux Mandrake 8.0
> > > > + MandrakeSoft Linux Mandrake 7.2
> > > > + MandrakeSoft Linux Mandrake 7.1
> > > > + MandrakeSoft Linux Mandrake 7.0
> > > > + MandrakeSoft Linux Mandrake 6.1
> > > > + MandrakeSoft Linux Mandrake 6.0
> > > > + RedHat Linux 7.2 noarch
> > > > + RedHat Linux 7.2 ia64
> > > > + RedHat Linux 7.2 i686
> > > > + RedHat Linux 7.2 i586
> > > > + RedHat Linux 7.2 i386
> > > > + RedHat Linux 7.2 athlon
> > > > + RedHat Linux 7.2 alpha
> > > > + RedHat Linux 7.1 noarch
> > > > + RedHat Linux 7.1 ia64
> > > > + RedHat Linux 7.1 i686
> > > > + RedHat Linux 7.1 i586
> > > > + RedHat Linux 7.1 i386
> > > > + RedHat Linux 7.1 alpha
> > > > + RedHat Linux 7.0 sparc
> > > > + RedHat Linux 7.0 i386
> > > > + RedHat Linux 7.0 alpha
> > > > + TurboLinux TL Workstation 6.1
> > > > + TurboLinux Turbo Linux 6.0.5
> > > > + TurboLinux Turbo Linux 6.0.4
> > > > + TurboLinux Turbo Linux 6.0.3
> > > > + TurboLinux Turbo Linux 6.0.2
> > > > + TurboLinux Turbo Linux 6.0.1
> > > > + TurboLinux Turbo Linux 6.0
> > > > + Wirex Immunix OS 7.0-Beta
> > > > + Wirex Immunix OS 7.0
> > > > Washington University wu-ftpd 2.6.0
> > > > + Cobalt Qube 1.0
> > > > + Conectiva Linux 5.1
> > > > + Conectiva Linux 5.0
> > > > + Conectiva Linux 4.2
> > > > + Conectiva Linux 4.1
> > > > + Conectiva Linux 4.0es
> > > > + Conectiva Linux 4.0
> > > > + Debian Linux 2.2 sparc
> > > > + Debian Linux 2.2 powerpc
> > > > + Debian Linux 2.2 arm
> > > > + Debian Linux 2.2 alpha
> > > > + Debian Linux 2.2 68k
> > > > + Debian Linux 2.2
> > > > + RedHat Linux 6.2 sparc
> > > > + RedHat Linux 6.2 i386
> > > > + RedHat Linux 6.2 alpha
> > > > + RedHat Linux 6.1 sparc
> > > > + RedHat Linux 6.1 i386
> > > > + RedHat Linux 6.1 alpha
> > > > + RedHat Linux 6.0 sparc
> > > > + RedHat Linux 6.0 i386
> > > > + RedHat Linux 6.0 alpha
> > > > + RedHat Linux 5.2 sparc
> > > > + RedHat Linux 5.2 i386
> > > > + RedHat Linux 5.2 alpha
> > > > + S.u.S.E. Linux 7.3sparc
> > > > + S.u.S.E. Linux 7.3ppc
> > > > + S.u.S.E. Linux 7.3i386
> > > > + S.u.S.E. Linux 7.2i386
> > > > + S.u.S.E. Linux 7.1x86
> > > > + S.u.S.E. Linux 7.1sparc
> > > > + S.u.S.E. Linux 7.1ppc
> > > > + S.u.S.E. Linux 7.1alpha
> > > > + S.u.S.E. Linux 7.0sparc
> > > > + S.u.S.E. Linux 7.0ppc
> > > > + S.u.S.E. Linux 7.0i386
> > > > + S.u.S.E. Linux 7.0alpha
> > > > + S.u.S.E. Linux 6.4ppc
> > > > + S.u.S.E. Linux 6.4alpha
> > > > + S.u.S.E. Linux 6.4
> > > > + S.u.S.E. Linux 6.3 ppc
> > > > + S.u.S.E. Linux 6.3 alpha
> > > > + S.u.S.E. Linux 6.3
> > > > + S.u.S.E. Linux 6.2
> > > > + S.u.S.E. Linux 6.1 alpha
> > > > + S.u.S.E. Linux 6.1
> > > > + TurboLinux Turbo Linux 4.0
> > > > + Wirex Immunix OS 6.2
> > > > Washington University wu-ftpd 2.5.0
> > > > + Caldera eDesktop 2.4
> > > > + Caldera eServer 2.3.1
> > > > + Caldera eServer 2.3
> > > > + Caldera OpenLinux 2.4
> > > > + Caldera OpenLinux Desktop 2.3
> > > > + RedHat Linux 6.0 sparc
> > > > + RedHat Linux 6.0 i386
> > > > + RedHat Linux 6.0 alpha
> > > >
> > > >
> > > > Summary:
> > > >
> > > > Wu-Ftpd contains a remotely exploitable heap
> > > > corruption bug.
> > > >
> > > > Impact:
> > > >
> > > > A remote attacker may execute arbitrary code on
> > > > the vulnerable server.
> > > >
> > > > Technical Description:
> > > >
> > > > Wu-Ftpd is an ftp server based on the BSD ftpd
> > > > that is maintained by
> > > > Washington University.
> > > >
> > > > Wu-Ftpd allows for clients to organize files for
> > > > ftp actions based on
> > > > "file globbing" patterns. File globbing is
> > > > also used by various
> > > > shells. The implementation of file globbing
> > > > included in Wu-Ftpd
> > > > contains a heap corruption vulnerability that may
> > > > allow for an attacker
> > > > to execute arbitrary code on a server remotely.
> > > >
> > > > During the processing of a globbing pattern, the
> > > > Wu-Ftpd implementation
> > > > creates a list of the files that match. The
> > > > memory where this data is
> > > > stored is on the heap, allocated using malloc().
> > > > The globbing function
> > > > simply returns a pointer to the list. It is
> > > > up to the calling
> > > > functions to free the allocated memory.
> > > >
> > > > If an error occurs processing the pattern, memory
> > > > will not be allocated
> > > > and a variable indicating this should be set.
> > > > The calling functions
> > > > must check the value of this variable before
> > > > attempting to use the
> > > > globbed filenames (and later freeing the memory).
> > > >
> > > > Under certain circumstances, the globbing function
> > > > does not set this
> > > > variable when an error occurs. As a result of
> > > > this, Wu-Ftpd will
> > > > eventually attempt to free uninitialized memory.
> > > >
> > > > If this region of memory contained
> > > > user-controllable data before the
> > > > free call, it may be possible to have an
> > > > arbitrary word in memory
> > > > overwritten with an arbitrary value. This can
> > > > lead to execution of
> > > > arbitrary code if function pointers or
> > > > return addresses are
> > > > overwritten.
> > > >
> > > > If anonymous FTP is not enabled, valid user
> > > > credentials are required to
> > > > exploit this vulnerability.
> > > >
> > > > This vulnerability was initially scheduled for
> > > > public release on
> > > > December 3, 2001. However, Red Hat has made
> > > > details public as of
> > > > November 27, 2001. As a result, we are forced to
> > > > warn other users of
> > > > the vulnerable product, so that they may take
> > > > appropriate actions.
> > > >
> > > > Attack Scenarios:
> > > >
> > > > To exploit this vulnerability, an attacker must
> > > > have either valid
> > > > credentials required to log in as an FTP user, or
> > > > anonymous access must
> > > > be enabled.
> > > >
> > > > The attacker must ensure that a maliciously
> > > > constructed malloc header
> > > > containing the target address and it's replacement
> > > > value are in the
> > > > right location in the uninitialized part of the
> > > > heap. The attacker
> > > > must also place shellcode in server process
> > > > memory.
> > > >
> > > > The attacker must send an FTP command containing
> > > > a specific globbing
> > > > pattern that does not set the error variable.
> > > >
> > > > When the server attempts to free the memory used
> > > > to store the globbed
> > > > filenames, the target word in memory will be
> > > > overwritten.
> > > >
> > > > If an attacker overwrites a function pointer or
> > > > return address with a
> > > > pointer to the shellcode, it may be executed by
> > > > the server process.
> > > >
> > > > Exploits:
> > > >
> > > > The following (from the CORE advisory)
> > > > demonstrates the existence of
> > > > this vulnerability:
> > > >
> > > > ftp> open localhost
> > > > Connected to localhost (127.0.0.1).
> > > > 220 sasha FTP server (Version wu-2.6.1-18)
> > > > ready.
> > > > Name (localhost:root): anonymous
> > > > 331 Guest login ok, send your complete e-mail
> > > > address as password.
> > > > Password:
> > > > 230 Guest login ok, access restrictions apply.
> > > > Remote system type is UNIX.
> > > > Using binary mode to transfer files.
> > > > ftp> ls ~{
> > > > 227 Entering Passive Mode (127,0,0,1,241,205)
> > > > 421 Service not available, remote server has
> > > > closed connection
> > > >
> > > > 1405 ? S 0:00 ftpd: accepting
> > > > connections on port 21
> > > > 7611 tty3 S 1:29 gdb /usr/sbin/wu.ftpd
> > > > 26256 ? S
> > > > 0:00 ftpd:
> > > > sasha:anonymous/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
> > > > 26265 tty3 R 0:00 bash -c ps ax | grep
> > > > ftpd
> > > > (gdb) at 26256
> > > > Attaching to program: /usr/sbin/wu.ftpd, process
> > > > 26256
> > > > Symbols already loaded for /lib/libcrypt.so.1
> > > > Symbols already loaded for /lib/libnsl.so.1
> > > > Symbols already loaded for /lib/libresolv.so.2
> > > > Symbols already loaded for /lib/libpam.so.0
> > > > Symbols already loaded for /lib/libdl.so.2
> > > > Symbols already loaded for /lib/i686/libc.so.6
> > > > Symbols already loaded for /lib/ld-linux.so.2
> > > > Symbols already loaded for
> > > > /lib/libnss_files.so.2
> > > > Symbols already loaded for
> > > > /lib/libnss_nisplus.so.2
> > > > Symbols already loaded for /lib/libnss_nis.so.2
> > > > 0x40165544 in __libc_read () from
> > > > /lib/i686/libc.so.6
> > > > (gdb) c
> > > > Continuing.
> > > >
> > > > Program received signal SIGSEGV, Segmentation
> > > > fault.
> > > > __libc_free (mem=0x61616161) at malloc.c:3136
> > > > 3136 in malloc.c
> > > >
> > > > Currently the SecurityFocus staff are not aware
> > > > of any exploits for
> > > > this issue. If you feel we are in error or are
> > > > aware of more recent
> > > > information, please mail us at:
> > > > vuldb@securityfocus.com
> > > > <mailto:vuldb@securityfocus.com>
> > > >
> > > > Mitigating Strategies:
> > > >
> > > > This vulnerability is remotely exploitable.
> > > > Restricting access to the
> > > > network port, (TCP port 21 is standard for FTP),
> > > > will block clients
> > > > from unauthorized networks.
> > > >
> > > > With some operating systems, anonymous FTP is
> > > > enabled by default.
> > > > Anonymous FTP is often in use on public FTP sites,
> > > > most often software
> > > > repositories. It is basically a guest account
> > > > with access to download
> > > > files from within a restricted environment.
> > > > This vulnerability is
> > > > exploitable by clients logged in through anonymous
> > > > FTP. Anonymous FTP
> > > > should be disabled immediately until fixes are
> > > > available, as it would
> > > > allow any host on the Internet who can connect
> > > > to the service to
> > > > exploit this vulnerability. It is a good idea to
> > > > disable it normally
> > > > unless it is absolutely necessary (in which case
> > > > the FTP server should
> > > > be on a dedicated, isolated host).
> > > >
> > > > Stack and other memory protection
> > > > schemes may complicate
> > > > exploitability, and/or prevent commonly
> > > > available exploits from
> > > > working. This should not be relied upon
> > > > for security. This
> > > > vulnerability involves 'poking' words in memory.
> > > > This means that there
> > > > are many different ways that it may be exploited.
> > > > Making the stack
> > > > non-executable or checking the integrity of stack
> > > > variables may not be
> > > > enough to prevent all possibile methods of
> > > > exploitation.
> > > >
> > > > It is advised to disable the service and use
> > > > alternatives until fixes
> > > > are available.
> > > >
> > > > Solutions:
> > > >
> > > > Vendor notified on Nov 14, 2001.
> > > >
> > > > Fixes will be available from the author as well
> > > > as from vendors who
> > > > ship products that include Wu-Ftpd as core or
> > > > optional components.
> > > >
> > > > This vulnerability was initially scheduled for
> > > > public release on
> > > > December 3, 2001. Red Hat pre-emptively
> > > > released an advisory on
> > > > November 27, 2001. As a result, other vendors may
> > > > not yet have fixes
> > > > available.
> > > >
> > > > This record will be updated as fixes from
> > > > various vendors become
> > > > available.
> > > >
> > > > For Washington University wu-ftpd 2.6.0:
> > > >
> > > > SuSE Upgrade 7.3 i386 wuftpd-2.6.0-344.i386.rpm
> > > >
> > > >
> > > ftp://ftp.suse.com/pub/suse/i386/update/7.3/n2/wuftpd-2.6.0-344.i386.
> > > > rpm
> > > >
> > > > SuSE Upgrade 7.2 i386 wuftpd-2.6.0-344.i386.rpm
> > > >
> > > >
> > > ftp://ftp.suse.com/pub/suse/i386/update/7.2/n2/wuftpd-2.6.0-344.i386.
> > > > rpm
> > > >
> > > > SuSE Upgrade 7.1 i386 wuftpd-2.6.0-346.i386.rpm
> > > >
> > > >
> > > ftp://ftp.suse.com/pub/suse/i386/update/7.1/n2/wuftpd-2.6.0-346.i386.
> > > > rpm
> > > >
> > > > SuSE Upgrade 7.0 i386 wuftpd-2.6.0-344.i386.rpm
> > > >
> > > >
> > > ftp://ftp.suse.com/pub/suse/i386/update/7.0/n1/wuftpd-2.6.0-344.i386.
> > > > rpm
> > > >
> > > > SuSE Upgrade 6.4 i386 wuftpd-2.6.0-344.i386.rpm
> > > >
> > > >
> > > ftp://ftp.suse.com/pub/suse/i386/update/6.4/n1/wuftpd-2.6.0-344.i386.
> > > > rpm
> > > >
> > > > SuSE Upgrade 6.3 i386 wuftpd-2.6.0-347.i386.rpm
> > > >
> > > >
> > > ftp://ftp.suse.com/pub/suse/i386/update/6.3/n1/wuftpd-2.6.0-347.i386.
> > > > rpm
> > > >
> > > > SuSE Upgrade 7.3 sparc
> > > > wuftpd-2.6.0-240.sparc.rpm
> > > >
> > > >
> > > ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n2/wuftpd-2.6.0-240.spar
> > > > c.rpm
> > > >
> > > > SuSE Upgrade 7.1 sparc
> > > > wuftpd-2.6.0-242.sparc.rpm
> > > >
> > > >
> > > ftp://ftp.suse.com/pub/suse/sparc/update/7.1/n2/wuftpd-2.6.0-242.spar
> > > > c.rpm
> > > >
> > > > SuSE Upgrade 7.0 sparc
> > > > wuftpd-2.6.0-241.sparc.rpm
> > > >
> > > >
> > > ftp://ftp.suse.com/pub/suse/sparc/update/7.0/n1/wuftpd-2.6.0-241.spar
> > > > c.rpm
> > > >
> > > > SuSE Upgrade 7.1 alpha
> > > > wuftpd-2.6.0-252.alpha.rpm
> > > >
> > > >
> > > ftp://ftp.suse.com/pub/suse/axp/update/7.1/n2/wuftpd-2.6.0-252.alpha.
> > > > rpm
> > > >
> > > > SuSE Upgrade 7.0 alpha
> > > > wuftpd-2.6.0-251.alpha.rpm
> > > >
> > > >
> > > ftp://ftp.suse.com/pub/suse/axp/update/7.0/n1/wuftpd-2.6.0-251.alpha.
> > > > rpm
> > > >
> > > > SuSE Upgrade 6.4 alpha
> > > > wuftpd-2.6.0-251.alpha.rpm
> > > >
> > > >
> > > ftp://ftp.suse.com/pub/suse/axp/update/6.4/n1/wuftpd-2.6.0-251.alpha.
> > > > rpm
> > > >
> > > > SuSE Upgrade 6.3 alpha
> > > > wuftpd-2.6.0-250.alpha.rpm
> > > >
> > > >
> > > ftp://ftp.suse.com/pub/suse/axp/update/6.3/n1/wuftpd-2.6.0-250.alpha.
> > > > rpm
> > > >
> > > > SuSE Upgrade 7.3 ppc wuftpd-2.6.0-277.ppc.rpm
> > > >
> > > >
> > > ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n2/wuftpd-2.6.0-277.ppc.rp
> > > > m
> > > >
> > > > SuSE Upgrade 7.1 ppc wuftpd-2.6.0-277.ppc.rpm
> > > >
> > > >
> > > ftp://ftp.suse.com/pub/suse/ppc/update/7.1/n2/wuftpd-2.6.0-277.ppc.rp
> > > > m
> > > >
> > > > SuSE Upgrade 7.0 ppc wuftpd-2.6.0-279.ppc.rpm
> > > >
> > > >
> > > ftp://ftp.suse.com/pub/suse/ppc/update/7.0/n1/wuftpd-2.6.0-279.ppc.rp
> > > > m
> > > >
> > > > SuSE Upgrade 6.4 ppc wuftpd-2.6.0-278.ppc.rpm
> > > >
> > > >
> > > ftp://ftp.suse.com/pub/suse/ppc/update/6.4/n1/wuftpd-2.6.0-278.ppc.rp
> > > > m
> > > >
> > > > For Washington University wu-ftpd 2.6.1:
> > > >
> > > > Red Hat RPM 6.2 alpha
> > > > wu-ftpd-2.6.1-0.6x.21.alpha.rpm
> > > >
> > > >
> > > ftp://updates.redhat.com/6.2/en/os/alpha/wu-ftpd-2.6.1-0.6x.21.alpha.
> > > > rpm
> > > >
> > > > Red Hat RPM 6.2 sparc
> > > > wu-ftpd-2.6.1-0.6x.21.sparc.rpm
> > > >
> > > >
> > > ftp://updates.redhat.com/6.2/en/os/sparc/wu-ftpd-2.6.1-0.6x.21.sparc.
> > > > rpm
> > > >
> > > > Caldera RPM OpenLinux 2.3
> > > > wu-ftpd-2.6.1-13OL.i386.rpm
> > > >
> > > >
> > > ftp://ftp.caldera.com/pub/updates/OpenLinux/2.3/current/RPMS/wu-ftpd-
> > > > 2.6.1-13OL.i386.rpm
> > > >
> > > > Caldera RPM eServer 2.3.1
> > > > wu-ftpd-2.6.1-13OL.i386.rpm
> > > >
> > > >
> > > ftp://ftp.caldera.com/pub/updates/eServer/2.3/current/RPMS/wu-ftpd-2.
> > > > 6.1-13OL.i386.rpm
> > > >
> > > > Caldera RPM eDesktop 2.4
> > > > wu-ftpd-2.6.1-13OL.i386.rpm
> > > >
> > > >
> > > ftp://ftp.caldera.com/pub/updates/eDesktop/2.4/current/RPMS/wu-ftpd-2
> > > > .6.1-13OL.i386.rpm
> > > >
> > > > Caldera RPM OpenLinux 3.1 Server
> > > > wu-ftpd-2.6.1-13.i386.rpm
> > > >
> > > >
> > > ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS/w
> > > > u-ftpd-2.6.1-13.i386.rpm
> > > >
> > > > Wirex Upgrade Immunix 7.0 i386
> > > > wu-ftpd-2.6.1-6_imnx_4.i386.rpm
> > > >
> > > >
> > > http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/wu-ftpd-2.6.1-
> > > > 6_imnx_4.i386.rpm
> > > >
> > > > Red Hat RPM 7.0 alpha
> > > > wu-ftpd-2.6.1-16.7x.1.alpha.rpm
> > > >
> > > >
> > > ftp://updates.redhat.com/7.0/en/os/alpha/wu-ftpd-2.6.1-16.7x.1.alpha.
> > > > rpm
> > > >
> > > > Red Hat RPM 7.0 i386
> > > > wu-ftpd-2.6.1-16.7x.1.i386.rpm
> > > >
> > > >
> > > ftp://updates.redhat.com/7.0/en/os/i386/wu-ftpd-2.6.1-16.7x.1.i386.rp
> > > > m
> > > >
> > > > Red Hat RPM 7.1 alpha
> > > > wu-ftpd-2.6.1-16.7x.1.alpha.rpm
> > > >
> > > >
> > > ftp://updates.redhat.com/7.1/en/os/alpha/wu-ftpd-2.6.1-16.7x.1.alpha.
> > > > rpm
> > > >
> > > > Red Hat RPM 7.1 i386
> > > > wu-ftpd-2.6.1-16.7x.1.i386.rpm
> > > >
> > > >
> > > ftp://updates.redhat.com/7.1/en/os/i386/wu-ftpd-2.6.1-16.7x.1.i386.rp
> > > > m
> > > >
> > > > Red Hat RPM 7.1 ia64
> > > > wu-ftpd-2.6.1-16.7x.1.ia64.rpm
> > > >
> > > >
> > > ftp://updates.redhat.com/7.1/en/os/ia64/wu-ftpd-2.6.1-16.7x.1.ia64.rp
> > > > m
> > > >
> > > > Red Hat RPM 7.2 i386 wu-ftpd-2.6.1-20.i386.rpm
> > > >
> > > >
> > > ftp://updates.redhat.com/7.2/en/os/i386/wu-ftpd-2.6.1-20.i386.rpm
> > > >
> > > > Red Hat RPM 6.2 i386
> > > > wu-ftpd-2.6.1-0.6x.21.i386.rpm
> > > >
> > > >
> > > ftp://updates.redhat.com/6.2/en/os/i386/wu-ftpd-2.6.1-0.6x.21.i386.rp
> > > > m
> > > >
> > > > Credit:
> > > >
> > > > Condition first reported by Matt Power.
> > > > Exploitability later confirmed
> > > > by Luciano Notarfrancesco and Juan Pablo
> > > > Martinez Kuhn from Core
> > > > Security Technologies, Buenos Aires, Argentina.
> > > >
> > > > References:
> > > >
> > > > advisory:
> > > > Caldera CSSA-2001-041.0: Linux - Vulnerability in
> > > > wu-ftpd
> > > > http://www.securityfocus.com/advisories/3693
> > > >
> > > > advisory:
> > > > Immunix IMNX-2001-70-036-01: wu-ftpd
> > > > http://www.securityfocus.com/advisories/3696
> > > >
> > > > advisory:
> > > > RedHat RHSA-2001:157-06: Updated wu-ftpd packages
> > > > are available
> > > > http://www.securityfocus.com/advisories/3680
> > > >
> > > > advisory:
> > > > SuSE SuSE-SA:2001:043: wuftpd
> > > > http://www.securityfocus.com/advisories/3691
> > > >
> > > > web page:
> > > > CORE SDI Homepage (CORE)
> > > > http://www.core-sdi.com
> > > >
> > > > web page:
> > > > Wu-Ftpd Homepage (Washington University)
> > > > http://www.wu-ftpd.org
> > > >
> > > > ChangeLog:
> > > >
> > > > Nov 30, 2001: Wirex Immunix advisory released,
> > > > updated packages
> > > > available.
> > > > Nov 29, 2001: SUSE and Caldera fixes available;
> > > > some versions of BSD
> > > > FTPD may also be vulnerable.
> > > > Nov 26, 2001: Initial analysis.
> > > >
> > > >
> >
> --------------------------------------------------------------------------
> > -
> > > >
> > > > HOW TO INTERPRET THIS ALERT
> > > >
> > > > BUGTRAQ ID: This is a unique
> > > > identifier assigned to the
> > > > vulnerability by
> > > > SecurityFocus.com.
> > > >
> > > > CVE ID: This is a unique
> > > > identifier assigned to the
> > > > vulnerability by the CVE.
> > > >
> > > > Published: The date the vulnerability
> > > > was first made public.
> > > >
> > > > Updated: The date the information was
> > > > last updated.
> > > >
> > > > Remote: Whether this is a
> > > > remotely exploitable
> > > > vulnerability.
> > > >
> > > > Local: Whether this is a
> > > > locally exploitable
> > > > vulnerability.
> > > >
> > > > Credibility: Describes how credible the
> > > > information about the
> > > > vulnerability is. Possible
> > > > values are:
> > > >
> > > > Conflicting Reports: The are
> > > > multiple conflicting
> > > > about the existance of the
> > > > vulnerability.
> > > >
> > > > Single Source: There is
> > > > a single non-reliable
> > > > source reporting the
> > > > existence of the
> > > > vulnerability.
> > > >
> > > > Reliable Source: There is a
> > > > single reliable source
> > > > reporting the existence of
> > > > the vulnerability.
> > > >
> > > > Conflicting Details: There
> > > > is consensus on the
> > > > existence of the
> > > > vulnerability but not it's
> > > > details.
> > > >
> > > > Multiple Sources: There
> > > > is consensus on the
> > > > existence and details of the
> > > > vulnerability.
> > > >
> > > > Vendor Confirmed: The
> > > > vendor has confirmed the
> > > > vulnerability.
> > > >
> > > > Class: The class of vulnerability.
> > > > Possible values are:
> > > > Boundary Condition Error,
> > > > Access Validation Error,
> > > > Origin Validation Error,
> > > > Input Valiadtion Error,
> > > > Failure to Handle
> > > > Exceptional Conditions, Race
> > > > Condition Error,
> > > > Serialization Error, Atomicity
> > > > Error, Environment Error,
> > > > and Configuration Error.
> > > >
> > > > Ease: Rates how easiliy the
> > > > vulnerability can be
> > > > exploited. Possible
> > > > values are: No Exploit
> > > > Available, Exploit
> > > > Available, and No Exploit
> > > > Required.
> > > >
> > > > Impact: Rates the impact of the
> > > > vulnerability. It's range
> > > > is 1 through 10.
> > > >
> > > > Severity: Rates the severity of the
> > > > vulnerability. It's range
> > > > is 1 through 10. It's
> > > > computed from the impact
> > > > rating and remote flag.
> > > > Remote vulnerabiliteis with
> > > > a high impact rating
> > > > receive a high severity
> > > > rating. Local
> > > > vulnerabilities with a low impact
> > > > rating receive a low
> > > > severity rating.
> > > >
> > > > Urgency: Rates how quickly you should
> > > > take action to fix or
> > > > mitigate the vulnerability.
> > > > It's range is 1 through
> > > > 10. It's computed from the
> > > > severity rating, the
> > > > ease rating, and the
> > > > credibility rating. High
> > > > severity vulnerabilities
> > > > with a high ease rating,
> > > > and a high confidence rating
> > > > have a higher urgency
> > > > rating. Low severity
> > > > vulnerabilities with a low
> > > > ease rating, and a low
> > > > confidence rating have a
> > > > lower urgency rating.
> > > >
> > > > Last Change: The last change made
> > > > to the vulnerability
> > > > information.
> > > >
> > > > Vulnerable Systems: The list of vulnerable
> > > > systems. A '+' preceding a
> > > > system name indicates
> > > > that one of the system
> > > > components is vulnerable
> > > > vulnerable. For example,
> > > > Windows 98 ships with
> > > > Internet Explorer. So if a
> > > > vulnerability is found in IE
> > > > you may see something
> > > > like: Microsoft Internet
> > > > Explorer + Microsoft
> > > > Windows 98
> > > >
> > > > Non-Vulnerable Systems: The list of non-vulnerable
> > > > systems.
> > > >
> > > > Summary: A concise summary of the
> > > > vulnerability.
> > > >
> > > > Impact: The impact of the
> > > > vulnerability.
> > > >
> > > > Technical Description: The in-depth description of
> > > > the vulnerability.
> > > >
> > > > Attack Scenarios: Ways an attacker may make
> > > > use of the vulnerability.
> > > >
> > > > Exploits: Exploit intructions or
> > > > programs.
> > > >
> > > > Mitigating Strategies: Ways to mitigate the
> > > > vulnerability.
> > > >
> > > > Solutions: Solutions to the
> > > > vulnerability.
> > > >
> > > > Credit: Information about who
> > > > disclosed the vulnerability.
> > > >
> > > > References: Sources of information on
> > > > the vulnerability.
> > > >
> > > > Related Resources: Resources that might be of
> > > > additional value.
> > > >
> > > > ChangeLog: History of changes to the
> > > > vulnerability record.
> > > >
> > > >
> >
> --------------------------------------------------------------------------
> > -
> > > >
> > > > Copyright 2001
> > > > SecurityFocus.com
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > ----------
> > > > SecurityFocus - the leading provider of Security
> > > > Intelligence Services for
> > > > business.
> > > > Visit our website at www.securityfocus.com
> > > >
> > > > EnvoyWorldWide, Inc.
> > > > Business-Critical Communications for the wired and
> > > > wireless world.
> > > > Visit our website at www.envoyww.com
> > >
> > >
> > > __________________________________________________
> > > Do You Yahoo!?
> > > Buy the perfect holiday gifts at Yahoo! Shopping.
> > > http://shopping.yahoo.com
> > > ________________________________________________
> > > See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail
doesn't
> > post to the list quickly and you use Netscape to write mail.
> > >
> > > PLUG-discuss mailing list - PLUG-discuss@lists.PLUG.phoenix.az.us
> > > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> > >
> >
> > ________________________________________________
> > See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't
post to the list quickly and you use Netscape to write mail.
> >
> > PLUG-discuss mailing list - PLUG-discuss@lists.PLUG.phoenix.az.us
> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> ________________________________________________
> See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't
post to the list quickly and you use Netscape to write mail.
>
> PLUG-discuss mailing list - PLUG-discuss@lists.PLUG.phoenix.az.us
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>