Security Update: [CSSA-2001-SCO.36.2] REVISED: Open UNIX, UnixWare 7: wu-ftpd ftpglob() vulnerability

From: securityat_private
Date: Thu Feb 14 2002 - 14:36:31 PST

Next message: securityat_private: "Security Update: [CSSA-2002-SCO.5] Open UNIX, UnixWare 7: encrypted password disclosure"

Previous message: bugtraq-return-3687-jwa=jammed.comat_private: "Aprisma Response to CERT Advisory"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

To: bugtraqat_private announceat_private scoannmodat_private

___________________________________________________________________________

	    Caldera International, Inc. Security Advisory

Subject:		REVISED: Open UNIX, UnixWare 7: wu-ftpd ftpglob() vulnerability
Advisory number: 	CSSA-2001-SCO.36.2
Issue date: 		2002 February 14
Cross reference:	CSSA-2001-SCO.36, CSSA-2001-SCO.36.1
___________________________________________________________________________


1. Problem Description
	
	[ The CSSA-2001-SCO.36.1 version of this fix did not handle
	deep recursion of directory hierarchies well ]

	[ The CSSA-2001-SCO.36 version of this fix did not handle
	braces "{" or "}" well ]
	
	A vulnerability in the wu-ftpd ftpglob() function was found by
	the CORE ST team.  This vulnerability may be exploited to
	obtain root access on the ftp server.
   
	An nlist with a deeply recursive argument in an ftpd session
	consumes a very large amount of disk and CPU resources on the
	server, thus constituting a denial of service attack.


2. Vulnerable Versions

	Operating System	Version		Affected Files
	------------------------------------------------------------------
	UnixWare 7		All		/usr/sbin/in.ftpd
	Open UNIX		8.0.0		/usr/sbin/in.ftpd


3. Workaround

	None.


4. UnixWare 7, Open UNIX 8

  4.1 Location of Fixed Binaries

	ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.36.2/


  4.2 Verification

	md5 checksums:
	
	MD5 (erg501215b.Z) = 5dc14febd11a88e1b58dfba93f033ea8


	md5 is available for download from

		ftp://stage.caldera.com/pub/security/tools/


  4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following commands:

	Download erg501215b.Z to /tmp
	
	# uncompress /tmp/erg501215b.Z
	# pkgadd -d /tmp/erg501215b


5. References

	CORE-20011001: Wu-FTP glob heap corruption vulnerability
	http://www.corest.com

	CERT Advisory CA-2001-33 Multiple Vulnerabilities in WU-FTPD
	http://www.cert.org	

	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0550

	This and other advisories are located at
		http://stage.caldera.com/support/security

	This advisory addresses Caldera Security internal incidents
	sr856023, fz519403, erg711908, erg501215.
	

6. Disclaimer

	Caldera International, Inc. is not responsible for the misuse
	of any of the information we provide on our website and/or
	through our security advisories. Our advisories are a service
	to our customers intended to promote secure installation and
	use of Caldera International products.


7. Acknowledgements

	This vulnerability was originally reported by Matt Power of
	BindView on the vuln-dev mailing list.


___________________________________________________________________________

application/pgp-signature attachment: stored

Next message: securityat_private: "Security Update: [CSSA-2002-SCO.5] Open UNIX, UnixWare 7: encrypted password disclosure"
Previous message: bugtraq-return-3687-jwa=jammed.comat_private: "Aprisma Response to CERT Advisory"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Feb 14 2002 - 17:35:44 PST