[24288] in bugtraq
Security Update: [CSSA-2001-SCO.36.2] REVISED: Open UNIX, UnixWare 7: wu-ftpd ftpglob() vulnerability
daemon@ATHENA.MIT.EDU (security@caldera.com)
Thu Feb 14 20:35:48 2002
To: bugtraq@securityfocus.com, announce@lists.caldera.com,
scoannmod@xenitec.on.ca
From: security@caldera.com
Date: Thu, 14 Feb 2002 14:36:31 -0800
Message-ID: <20020214143631.O13563@caldera.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="3lcZGd9BuhuYXNfi"
Content-Disposition: inline
--3lcZGd9BuhuYXNfi
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
To: bugtraq@securityfocus.com announce@lists.caldera.com scoannmod@xenitec.=
on.ca
___________________________________________________________________________
Caldera International, Inc. Security Advisory
Subject: REVISED: Open UNIX, UnixWare 7: wu-ftpd ftpglob() vulnerability
Advisory number: CSSA-2001-SCO.36.2
Issue date: 2002 February 14
Cross reference: CSSA-2001-SCO.36, CSSA-2001-SCO.36.1
___________________________________________________________________________
1. Problem Description
=09
[ The CSSA-2001-SCO.36.1 version of this fix did not handle
deep recursion of directory hierarchies well ]
[ The CSSA-2001-SCO.36 version of this fix did not handle
braces "{" or "}" well ]
=09
A vulnerability in the wu-ftpd ftpglob() function was found by
the CORE ST team. This vulnerability may be exploited to
obtain root access on the ftp server.
=20
An nlist with a deeply recursive argument in an ftpd session
consumes a very large amount of disk and CPU resources on the
server, thus constituting a denial of service attack.
2. Vulnerable Versions
Operating System Version Affected Files
------------------------------------------------------------------
UnixWare 7 All /usr/sbin/in.ftpd
Open UNIX 8.0.0 /usr/sbin/in.ftpd
3. Workaround
None.
4. UnixWare 7, Open UNIX 8
4.1 Location of Fixed Binaries
ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.36.2/
4.2 Verification
md5 checksums:
=09
MD5 (erg501215b.Z) =3D 5dc14febd11a88e1b58dfba93f033ea8
md5 is available for download from
ftp://stage.caldera.com/pub/security/tools/
4.3 Installing Fixed Binaries
Upgrade the affected binaries with the following commands:
Download erg501215b.Z to /tmp
=09
# uncompress /tmp/erg501215b.Z
# pkgadd -d /tmp/erg501215b
5. References
CORE-20011001: Wu-FTP glob heap corruption vulnerability
http://www.corest.com
CERT Advisory CA-2001-33 Multiple Vulnerabilities in WU-FTPD
http://www.cert.org=09
http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCAN-2001-0550
This and other advisories are located at
http://stage.caldera.com/support/security
This advisory addresses Caldera Security internal incidents
sr856023, fz519403, erg711908, erg501215.
=09
6. Disclaimer
Caldera International, Inc. is not responsible for the misuse
of any of the information we provide on our website and/or
through our security advisories. Our advisories are a service
to our customers intended to promote secure installation and
use of Caldera International products.
7. Acknowledgements
This vulnerability was originally reported by Matt Power of
BindView on the vuln-dev mailing list.
___________________________________________________________________________
--3lcZGd9BuhuYXNfi
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAjxsO+8ACgkQaqoBO7ipriGNzgCeNNayNJqZaP2z7ODpAuiXk5/x
RpQAn24TNsBexw0PkgmU1co/l/TzPrx1
=Z7jx
-----END PGP SIGNATURE-----
--3lcZGd9BuhuYXNfi--
