Re: SECURITY: new wu-ftpd packages available (fwd)

From: Henrik Storner (storner@N-M.COM)
Date: Fri Feb 12 1999 - 01:25:42 PST

Next message: Joel Eriksson: "Re: ISS Internet Scanner Cannot be relied upon for conclusive"

Previous message: Joel Eriksson: "Re: ISS Internet Scanner Cannot be relied upon for conclusive"
Maybe in reply to: RHS Linux User: "SECURITY: new wu-ftpd packages available (fwd)"
Next in thread: Tomasz Grabowski: "Re: SECURITY: new wu-ftpd packages available (fwd)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Ronald Wahl wrote:
>
> On Tue, 9 Feb 1999, RHS Linux User wrote:
> > A security vulnerability has been identified in all versions of the wu-ftpd
> > server binary shipped with Red Hat Linux.
>
> Is it possible that the bug is not fixed yet?
>
> mkdir <verylongname> let the deamon do funny things. Can someone reproduce
> this?

I looked into the patch that Red Hat included with the new wu-ftpd
package.
It does implement some checking of the parameters given to the ftp
daemon's realpath() routine; however, at the very top of this routine
there
is an unguarded "strcpy(currpath, pathname)" - the currpath buffer is
declared
locally of size MAXPATHLEN (4K on Linux, it seems).

It looks as if it is still vulnerable.

Next message: Joel Eriksson: "Re: ISS Internet Scanner Cannot be relied upon for conclusive"
Previous message: Joel Eriksson: "Re: ISS Internet Scanner Cannot be relied upon for conclusive"
Maybe in reply to: RHS Linux User: "SECURITY: new wu-ftpd packages available (fwd)"
Next in thread: Tomasz Grabowski: "Re: SECURITY: new wu-ftpd packages available (fwd)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:34:10 PDT