[15347] in bugtraq
Security Advisory: REMOTE ROOT VULNERABILITY IN GSSFTP DAEMON
daemon@ATHENA.MIT.EDU (Tom Yu)
Wed Jun 14 20:52:49 2000
Message-ID: <ldvsnufao18.fsf@saint-elmos-fire.mit.edu>
Date: Wed, 14 Jun 2000 18:36:03 -0400
Reply-To: Tom Yu <tlyu@MIT.EDU>
From: Tom Yu <tlyu@MIT.EDU>
X-To: kerberos@MIT.EDU
To: BUGTRAQ@SECURITYFOCUS.COM
-----BEGIN PGP SIGNED MESSAGE-----
REMOTE ROOT VULNERABILITY IN GSSFTP DAEMON
2000-06-14
SUMMARY:
A remote user may execute certain FTP commands without authorization.
IMPACT:
A remote user may perform denial of service attacks.
An attacker with access to a local account may gain unauthorized root
access.
VULNERABLE DISTRIBUTIONS:
Source distributions which may contain vulnerable code include:
MIT Kerberos 5 releases krb5-1.1 and krb5-1.1.1
The beta releases krb5-1.1.2-beta1 and krb5-1.2-beta2 are also
vulnerable.
NON-VULNERABLE DISTRIBUTIONS:
MIT Kerberos 5 releases krb5-1.0.x
FIXES:
If you are running a vulnerable FTP daemon, disable it immediately,
usually by commenting it out of your inetd.conf and sending a SIGHUP
to the inetd process.
To correct the bug, apply the following patch, rebuild, and reinstall
ftpd on the affected machines.
The upcoming krb5-1.2 release will correct this problem. There will
be a krb5-1.2-beta3 release later this week that will correct this
problem.
PATCHES:
These patches will apply against krb5-1.1.1, krb5-1.1.2-beta1, and
krb5-1.2-beta2. They will be made available on the web site at:
http://web.mit.edu/kerberos/www/advisories/ftpd_111_patch.txt
The MIT Kerberos security advisories page is at:
http://web.mit.edu/kerberos/www/advisories/index.html
Patches for other security problems as well as archives of security
advisory postings are located on that page.
Index: ftpcmd.y
===================================================================
RCS file: /cvs/krbdev/krb5/src/appl/gssftp/ftpd/ftpcmd.y,v
retrieving revision 1.14
diff -c -r1.14 ftpcmd.y
*** ftpcmd.y 1999/03/24 22:14:02 1.14
- --- ftpcmd.y 2000/06/14 17:35:19
***************
*** 865,871 ****
$$ = 0;
}
else
! $$ = 1;
}
;
%%
- --- 865,871 ----
$$ = 0;
}
else
! $$ = $1;
}
;
%%
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBOUgGcabDgE/zdoE9AQF6EgP6Ay7pKAcq/nQ1w2fzKQPuvNcfWuKiCVR7
ZxHTljdhz6hI1COPsZQzEswqd2odkh1xJ0m8Tab1Ked1G569WZPLQt1LreFDnyKh
Vvy1mgwPg/EEMVvw6d7MRdgrIy7vlQswHbrAYyGMaibTSR1Rwx5Gc5cJFedP+o7M
95IoVsXNnPs=
=HCTV
-----END PGP SIGNATURE-----
