Re: CERT Advisory CA-99.13 - Multiple Vulnerabilities in WU-FTPD

From: Richard Trott (trottat_private)
Date: Wed Oct 20 1999 - 15:16:51 PDT


    > WU-FTPD and BeroFTPD
    >
    >    Vulnerability #1:
    >
    >    Not vulnerable:
    >           versions 2.4.2 and all betas and earlier versions
    >    Vulnerable:
    >           wu-ftpd-2.4.2-beta-18-vr4 through wu-ftpd-2.4.2-beta-18-vr15
    >           wu-ftpd-2.4.2-vr16 and wu-ftpd-2.4.2-vr17
    >           wu-ftpd-2.5.0
    >           BeroFTPD, all versions
    
    CERT appears to have left out wu-ftpd-2.6.0 (although they included it in
    the lists for the other two vulnerabilities).
    
    Version 2.6.0 does *not* have the "MAPPING_CHDIR Buffer Overflow"
    vulnerability, at least if the ANNOUNCE-RELEASE file for that version is
    to be believed.  It reads, in part:
    
    "Corrected an error in the MAPPING_CHDIR feature which could be used to
    gain root privileges on the server."
    
    Presumably, this refers to this vulnerability.
    
    Rich
    


