Re: CERT Advisory CA-99.13 - Multiple Vulnerabilities in WU-FTPD

From: Gregory A Lundberg (lundbergat_private)
Date: Thu Oct 21 1999 - 17:00:47 PDT


    On Wed, Oct 20, 1999 at 03:16:51PM -0700, Richard Trott wrote:
    
    > > WU-FTPD and BeroFTPD
    > >
    > >    Vulnerability #1:
    > >
    > >    Not vulnerable:
    > >           versions 2.4.2 and all betas and earlier versions
    > >    Vulnerable:
    > >           wu-ftpd-2.4.2-beta-18-vr4 through wu-ftpd-2.4.2-beta-18-vr15
    > >           wu-ftpd-2.4.2-vr16 and wu-ftpd-2.4.2-vr17
    > >           wu-ftpd-2.5.0
    > >           BeroFTPD, all versions
    >
    > CERT appears to have left out wu-ftpd-2.6.0 (although they included it in
    > the lists for the other two vulnerabilities).
    >
    > Version 2.6.0 does *not* have the "MAPPING_CHDIR Buffer Overflow"
    > vulnerability, at least if the ANNOUNCE-RELEASE file for that version is
    > to be believed.  It reads, in part:
    >
    > "Corrected an error in the MAPPING_CHDIR feature which could be used to
    > gain root privileges on the server."
    >
    > Presumably, this refers to this vulnerability.
    
    Mea culpa.
    
    --
    
    Gregory A Lundberg              Senior Partner, VRnet Company
    1441 Elmdale Drive              lundbergat_private
    Kettering, OH 45409-1615 USA    1-800-809-2195
    


