[15587] in bugtraq
Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd)
daemon@ATHENA.MIT.EDU (Helmethead)
Fri Jun 30 19:51:02 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Message-Id: <20000630142552.A17468@BuffyRox>
Date: Fri, 30 Jun 2000 14:25:52 +1000
Reply-To: Helmethead <hoshem@MEL.COMCEN.COM.AU>
From: Helmethead <hoshem@MEL.COMCEN.COM.AU>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.BSO.4.21.0006291001180.25731-100000@www.slothnet.com>; from
maierj@HOME.COM on Thu, Jun 29, 2000 at 10:23:12AM +0000
On Thu, Jun 29, 2000 at 10:23:12AM +0000, Joey Maier wrote:
> >RHSA-2000:039-02: remote root exploit (SITE EXEC) fixed
> [...]
> >A security bug in wu-ftpd can permit remote users, even without
> >an account, to gain root access.
> >The new version closes the hole.
> >
> >2. Relevant releases/architectures:
> >
> >Red Hat Linux 5.2 - i386 alpha sparc
>
> (which includes wu-ftpd-2.4.2b18-2.i386.rpm)
>
> >Red Hat Linux 6.2 - i386 alpha sparc
>
> (which includes wu-ftpd-2.6.0-3.i386.rpm)
>
> What about Red Hat 6.0 (includes wu-ftpd-2.4.2vr17-3.i386.rpm) and
> 6.1 (includes wu-ftpd-2.5.0-9.i386.rpm)? I know that the sploit tf8
> released was for version 2.6.0, but earlier versions of wu-ftpd
> are vunerable, too. Does anyone know if Red Hat plans to release
> RPMs to fix the 2.5.0 version included in Red Hat 6.1?
>
> --
> "When you understand UNIX, you will understand the world.
> When you understand NT....you will understand NT" - R. Thieme
> http://www.slothnet.com
No need, redhat 6.1's wu-ftpd 2.5.0 uses it's stripped down internal *printf instead of the library one, and wu-ftpd's internal printf does not recognise the %n formatting directive crucial to this exploit. It isn't vulnerable.
