To: bugtraqat_private announceat_private scoannmodat_private ___________________________________________________________________________ Caldera International, Inc. Security Advisory Subject: Open UNIX, UnixWare 7: wu-ftpd ftpglob() vulnerability Advisory number: CSSA-2001-SCO.36 Issue date: 2001 November 30 Cross reference: ___________________________________________________________________________ 1. Problem Description A vulnerability in the wu-ftpd ftpglob() function was found by the CORE ST team. This vulnerability can be exploited to obtain root access on the ftp server. 2. Vulnerable Versions Operating System Version Affected Files ------------------------------------------------------------------ UnixWare 7 All /usr/sbin/in.ftpd Open UNIX 8.0.0 /usr/sbin/in.ftpd 3. Workaround None. 4. UnixWare 7, Open UNIX 8 4.1 Location of Fixed Binaries ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.36/ 4.2 Verification md5 checksums: 9294a9d1a467b72d7ee9bb37672855a0 erg711908.Z md5 is available for download from ftp://stage.caldera.com/pub/security/tools/ 4.3 Installing Fixed Binaries Upgrade the affected binaries with the following commands: Download erg711908.Z to /tmp # uncompress /tmp/erg711908.Z # pkgadd -d /tmp/erg711908 5. References CORE-20011001: Wu-FTP glob heap corruption vulnerability http://www.corest.com CERT Advisory CA-2001-33 Multiple Vulnerabilities in WU-FTPD http://www.cert.org http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0550 This and other advisories are located at http://stage.caldera.com/support/security This advisory addresses Caldera Security internal incidents sr856023, fz519403, erg711908. 6. Disclaimer Caldera International, Inc. is not responsible for the misuse of any of the information we provide on our website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of Caldera International products. 7. Acknowledgements This vulnerability was originally reported by Matt Power of BindView on the vuln-dev mailing list. ___________________________________________________________________________
This archive was generated by hypermail 2b30 : Fri Nov 30 2001 - 17:04:07 PST