` 
---------------------------------------------------------------------
                   Red Hat, Inc. Security Advisory

Synopsis:          remote root exploit (SITE EXEC) fixed
Advisory ID:       RHSA-2000:039-02
Issue date:        2000-06-23
Updated on:        2000-06-23
Product:           Red Hat Linux
Keywords:          wu-ftpd, root exploit, site exec, buffer overrun
Cross references:  N/A
---------------------------------------------------------------------

1. Topic:

A security bug in wu-ftpd can permit remote users, even without
an account, to gain root access.
The new version closes the hole.

2. Relevant releases/architectures:

Red Hat Linux 5.2 - i386 alpha sparc
Red Hat Linux 6.2 - i386 alpha sparc

3. Problem description:

An exploitable buffer overrun existed in wu-ftpd code's status update code.
Fixed by adding bounds checking by passing the status strings through %s.

4. Solution:

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

5. Bug IDs fixed ( for more info):

N/A

6. RPMs required:

Red Hat Linux 5.2:

i386:

alpha:

sparc:

sources:

Red Hat Linux 6.2:

i386:

alpha:

sparc:

sources:

7. Verification:

MD5 sum                           Package Name
--------------------------------------------------------------------------
e1f3b09d8ad0067fa7fd22e7afe77e64  5.2/SRPMS/wu-ftpd-2.6.0-2.5.x.src.rpm
7c2f89b3f8533ec54a36c5dde5995ce6  5.2/alpha/wu-ftpd-2.6.0-2.5.x.alpha.rpm
8dbd0b0f1fa1d0755393942cb4cb141d  5.2/i386/wu-ftpd-2.6.0-2.5.x.i386.rpm
5d9df2512a15e5c8914f398d980b12e7  5.2/sparc/wu-ftpd-2.6.0-2.5.x.sparc.rpm
67349a75b767585628912b840e52806e  6.2/SRPMS/wu-ftpd-2.6.0-14.6x.src.rpm
fafe870fc91762dd7e9182df3b4dfee5  6.2/alpha/wu-ftpd-2.6.0-14.6x.alpha.rpm
50c11f333641277ab75e6207bffb13b4  6.2/i386/wu-ftpd-2.6.0-14.6x.i386.rpm
8abba6ffa660d1c221581855630ed40d  6.2/sparc/wu-ftpd-2.6.0-14.6x.sparc.rpm

These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:
    
You can verify each package with the following command:
    rpm --checksig  

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg 

8. References:

N/A
`

RedHat: wu-ftpd update

Buffer overflow in wu-ftpd 2.6.0 and below fixed

Summary



Summary

An exploitable buffer overrun existed in wu-ftpd code's status update code.Fixed by adding bounds checking by passing the status strings through %s.


Solution

For each RPM for your particular architecture, run:
rpm -Fvh [filename]
where filename is the name of the RPM.
5. Bug IDs fixed ( for more info):
N/A
6. RPMs required:
Red Hat Linux 5.2:
i386:
alpha:
sparc:
sources:
Red Hat Linux 6.2:
i386:
alpha:
sparc:
sources:
7. Verification:
MD5 sum Package Name e1f3b09d8ad0067fa7fd22e7afe77e64 5.2/SRPMS/wu-ftpd-2.6.0-2.5.x.src.rpm 7c2f89b3f8533ec54a36c5dde5995ce6 5.2/alpha/wu-ftpd-2.6.0-2.5.x.alpha.rpm 8dbd0b0f1fa1d0755393942cb4cb141d 5.2/i386/wu-ftpd-2.6.0-2.5.x.i386.rpm 5d9df2512a15e5c8914f398d980b12e7 5.2/sparc/wu-ftpd-2.6.0-2.5.x.sparc.rpm 67349a75b767585628912b840e52806e 6.2/SRPMS/wu-ftpd-2.6.0-14.6x.src.rpm fafe870fc91762dd7e9182df3b4dfee5 6.2/alpha/wu-ftpd-2.6.0-14.6x.alpha.rpm 50c11f333641277ab75e6207bffb13b4 6.2/i386/wu-ftpd-2.6.0-14.6x.i386.rpm 8abba6ffa660d1c221581855630ed40d 6.2/sparc/wu-ftpd-2.6.0-14.6x.sparc.rpm
These packages are GPG signed by Red Hat, Inc. for security. Our key is available at:
You can verify each package with the following command: rpm --checksig
If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg

References

N/A `

Package List


Severity
Advisory ID: RHSA-2000:039-02
Issued Date: : 2000-06-23
Updated on: 2000-06-23
Product: Red Hat Linux
Keywords: wu-ftpd, root exploit, site exec, buffer overrun
Cross references: N/A

Topic


Topic

A security bug in wu-ftpd can permit remote users, even without

an account, to gain root access.

The new version closes the hole.


 

Relevant Releases Architectures

Red Hat Linux 5.2 - i386 alpha sparc

Red Hat Linux 6.2 - i386 alpha sparc


Bugs Fixed


Related News

4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved