| VID | 16055 |
| Severity | 40 |
| Port | 21 |
| Protocol | TCP |
| Class | FTP |
| Detailed Description |
The FTP daemon has a setproctitle() format string vulnerability. Multiple FTP daemons, including versions of wu-ftpd, OpenBSD ftpd (ports of this package are distributed with some Linux distributions), HP-UX ftpd, and proftpd, are vulnerable because they pass user input to the setproctitle() function. Before setproctitle() is called, the daemon builds a buffer containing user-supplied input and then passes that buffer itself as the format argument to setproctitle(). By carefully manipulating the contents of this buffer, a remote attacker can cause values on the stack to be overwritten and potentially cause arbitrary code to be executed as root.
* References:
  * http://www.cert.org/advisories/CA-2000-13.html
  * http://www.kb.cert.org/vuls/id/29823
  * http://www.cert.org/incident_notes/IN-2000-10.html
  * http://www.ciac.org/ciac/bulletins/l-006.shtml
  * ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:35.proftpd.asc
  * http://www.suse.de/de/security/suse_security_announce_57.txt
  * http://archives.neohapsis.com/archives/bugtraq/2000-07/0061.html
  * http://archives.neohapsis.com/archives/bugtraq/2000-07/0031.html
* Platforms Affected:
  * Some systems running ftpd derived from BSD ftpd 5.51 or BSD ftpd 5.60
  * FreeBSD Ports Collection, any version
  * HP-UX 10.xx, 11.00
  * ProFTPD prior to 1.2.0rc2
  * wu-ftpd 2.6.0 and earlier |
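The pattern the description refers to, as an added example that is not code from any of the affected daemons: a stand-in for setproctitle() (hypothetical name fake_setproctitle) and two ways a daemon might hand it a title built from client input. title_vulnerable passes the buffer as the format argument; title_fixed passes it as data behind a constant "%s" format. The remote address and FTP command are constructed sample values.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Process title buffer and a stand-in for libc setproctitle() (hypothetical
 * name): like the real one, it formats its arguments printf-style. */
static char proc_title[256];

static void fake_setproctitle(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(proc_title, sizeof proc_title, fmt, ap);
    va_end(ap);
}

/* Vulnerable pattern from the advisory: the daemon builds a title that
 * contains client-controlled text, then passes that buffer as the FORMAT
 * string, so any '%' sequences the client sent are parsed as conversions. */
const char *title_vulnerable(const char *remotehost, const char *cmd)
{
    char buf[256];
    snprintf(buf, sizeof buf, "%s: %s", remotehost, cmd);
    fake_setproctitle(buf);          /* client data used as the format */
    return proc_title;
}

/* Fixed pattern: a constant "%s" format consumes the buffer as data, so
 * client-supplied '%' sequences are copied literally into the title. */
const char *title_fixed(const char *remotehost, const char *cmd)
{
    char buf[256];
    snprintf(buf, sizeof buf, "%s: %s", remotehost, cmd);
    fake_setproctitle("%s", buf);    /* constant format, buffer as argument */
    return proc_title;
}

int main(void)
{
    /* Constructed sample: "%%" is the one directive that is safe to run
     * through the vulnerable path; it shows the buffer being interpreted. */
    const char *host = "203.0.113.5", *cmd = "CWD %%x";
    printf("vulnerable: %s\n", title_vulnerable(host, cmd));  /* ... CWD %x  */
    printf("fixed:      %s\n", title_fixed(host, cmd));       /* ... CWD %%x */
    return 0;
}
```

Only "%%" is safe to feed the vulnerable path here: a real conversion directive with no matching argument is undefined behaviour, which is the condition the advisory describes.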
| Recommendation |
For ProFTPD: Upgrade to the latest version of proftpd (ProFTPD 1.2.0rc2), available from the Professional FTP Daemon Project Web site, http://www.proftpd.net/download.html
For Wu-FTPD: Upgrade to the latest version of WU-FTPD (2.6.1 or later), available from the WU-FTPD Development Group Web site, ftp://ftp.wu-ftpd.org/pub/wu-ftpd/
For NetBSD: Apply the patch listed in NetBSD Security Advisory 2000-009, ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-009.txt.asc
For OpenBSD: Apply the 019_ftpd.patch, as listed in OpenBSD Security Advisory, July 5, 2000, ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/019_ftpd.patch
For HP-UX: Apply the patches listed in Hewlett-Packard Company Security Bulletin HPSBUX0007-117, Sec. Vulnerability in ftpd, Rev.04, http://www.securityfocus.com/advisories/2404 |
| Related URL | CVE-2000-0574 (CVE) |
| Related URL | 1425 (SecurityFocus) |
| Related URL | 4908 (ISS) |