| VID |
16075 |
| Severity |
40 |
| Port |
21 |
| Protocol |
TCP |
| Class |
FTP |
| Detailed Description |
The WU-FTPD server, according to its version number, has a buffer overflow caused by an off-by-one error in its realpath() implementation. realpath() is a C library routine that resolves a path which may contain '/', './', '../' or symbolic links into a canonical, absolute pathname; WU-FTPD carries its own copy of the BSD implementation as fb_realpath(). WU-FTPD 2.5.0 through 2.6.2 is vulnerable to an off-by-one stack buffer overflow in that function: the length check lets the resolved path fill the MAXPATHLEN-byte stack buffer completely, so the terminating NUL byte is written one byte past its end. By submitting FTP commands that take a pathname argument, including STOR, RETR, APPE, DELE, MKD, RMD, STOU and RNTO, with pathnames of length MAXPATHLEN+1, a remote authenticated attacker (who generally needs to have created a directory tree deep enough to produce such a path, for example with MKD) could cause a denial of service or execute arbitrary code with root privileges, since the server handles the command channel as root.
* Note: This check relies solely on the version number reported by the remote WU-FTPD server, so it may be a false positive. In particular, vendor packages that backport the fix without changing the version string (such as the Red Hat and Debian updates listed below) still announce themselves as 2.6.2; confirm the installed package version before treating the result as exploitable.
* References:
  http://www.kb.cert.org/vuls/id/743092
  http://marc.theaimsgroup.com/?l=bugtraq&m=105967301604815&w=2
  http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0065.html
  http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt
  http://marc.theaimsgroup.com/?l=bugtraq&m=106002488209129&w=2
  http://marc.theaimsgroup.com/?l=bugtraq&m=106001702232325&w=2
* Platforms Affected: Washington University wu-ftpd 2.5.0 through 2.6.2; Unix (any version); Linux (any version) |
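The following is an added illustration of the off-by-one, not code from WU-FTPD or from the BSD realpath() it derives from. It reduces the path canonicaliser to the one step that matters, appending a component to the partially resolved path, and models the faulty length check described in the advisories (a total of exactly MAXPATHLEN characters is accepted, leaving no room for the NUL terminator). The buffer size CAP, the canary byte and the boundary input are assumptions chosen so the example runs offline; on the affected systems the real constant is MAXPATHLEN (1024).

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed, shortened buffer size so the constructed input stays readable.
 * On the affected systems the real constant is MAXPATHLEN (1024 bytes). */
#define CAP 32

/* Vulnerable join: the check rejects only totals *greater* than CAP, so a
 * resolved path of exactly CAP characters passes and strcat() stores its
 * terminating NUL at resolved[CAP], one byte past a CAP-byte buffer. */
int join_vuln(char *resolved, const char *comp)
{
    if (strlen(resolved) + 1 + strlen(comp) > CAP) {
        errno = ENAMETOOLONG;
        return -1;
    }
    strcat(resolved, "/");
    strcat(resolved, comp);
    return 0;
}

/* Fixed join: the total must leave room for the terminator, so a result
 * of CAP characters is rejected with ENAMETOOLONG instead of stored. */
int join_fixed(char *resolved, const char *comp)
{
    if (strlen(resolved) + 1 + strlen(comp) >= CAP) {
        errno = ENAMETOOLONG;
        return -1;
    }
    strcat(resolved, "/");
    strcat(resolved, comp);
    return 0;
}

typedef int (*join_fn)(char *, const char *);

/* Assumed sentinel standing in for whatever sits past the real stack buffer. */
#define CANARY ((char)0xAA)

/* Constructed boundary input: "/" followed by CAP-3 'a' characters, i.e. a
 * resolved path of CAP-2 characters, so that appending "/" plus a
 * one-character component yields exactly CAP characters. buf must hold
 * CAP+1 bytes; buf[CAP] is the byte just past the logical buffer. */
static void build_boundary_input(char *buf)
{
    memset(buf, 'a', CAP - 2);
    buf[0] = '/';
    buf[CAP - 2] = '\0';
    buf[CAP] = CANARY;
}

/* Returns 1 if join() clobbered the byte past the buffer, 0 if it did not. */
int probe_overflow(join_fn join)
{
    char buf[CAP + 1];
    build_boundary_input(buf);
    (void)join(buf, "x");
    return buf[CAP] != CANARY;
}

/* Returns join()'s status (0 or -1) for the same boundary input. */
int probe_status(join_fn join)
{
    char buf[CAP + 1];
    build_boundary_input(buf);
    return join(buf, "x");
}

int main(void)
{
    printf("vulnerable: status=%d overflow=%d\n",
           probe_status(join_vuln), probe_overflow(join_vuln));
    printf("fixed:      status=%d overflow=%d\n",
           probe_status(join_fixed), probe_overflow(join_fixed));
    return 0;
}
```

The vulnerable variant reports success and overwrites the canary with a single NUL byte; the fixed variant rejects the same input. That one zero byte is the whole primitive: on the real server it lands on the stack frame just past the 1024-byte buffer, which is what the advisories turn into control of a root process.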
| Recommendation |
Apply the patch available at ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/realpath.patch
-- OR --
Upgrade to WU-FTPD version 2.6.3 or later, once a fixed version becomes available from the WU-FTPD Web site at http://www.wu-ftpd.org
For FreeBSD: Upgrade to the latest version of FreeBSD (4.8-STABLE or the latest security branch dated later than 2003-08-03), as listed in FreeBSD Security Advisory FreeBSD-03:08.realpath at ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:08.realpath.asc
For OpenBSD 3.3 and earlier: Apply the appropriate patch for your system, as listed in OpenBSD 015: SECURITY FIX: August 4, 2003 at http://www.openbsd.org/errata32.html#realpath
For NetBSD 1.5, 1.5.1, 1.5.2, 1.5.3, 1.6 and 1.6.1: Upgrade to the latest version of NetBSD (NetBSD-current or the latest NetBSD 1.6 branch dated August 5, 2003 or later), as listed in NetBSD Security Advisory 2003-011 at http://archives.neohapsis.com/archives/netbsd/2003-q3/0019.html
For Mac OS X: Apply Security Update 2003-08-14, as directed in Apple Security Update 120238 at http://docs.info.apple.com/article.html?artnum=120238
For HP-UX 11.00, 11.11, and 11.22: Follow the recommended procedure, as listed in Hewlett-Packard Company Security Bulletin HPSBUX0309-277 at http://www-1.ibm.com/services/continuity/recover1.nsf/MSS/MSS-OAR-E01-2003.1102.1
For Red Hat Linux: Upgrade to the latest wu-ftpd package, as listed in Red Hat Security Advisory RHSA-2003:245-15 at https://rhn.redhat.com/errata/RHSA-2003-245.html
For Red Hat Linux containing the wu-ftpd package: Upgrade to the latest wu-ftpd package, as listed in Red Hat Security Advisory RHSA-2003:246-12 at https://rhn.redhat.com/errata/RHSA-2003-246.html
For Mandrake Linux 8.2: Upgrade to the latest version of wu-ftpd (2.6.2-1-1mdk or later), as listed in MandrakeSoft Security Advisory MDKSA-2003:080 at http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:080
For Debian GNU/Linux 3.0 (stable): Upgrade to the latest version of wu-ftpd (2.6.2-3woody1 or later), as listed in Debian Security Advisory DSA-357-1 at http://www.debian.org/security/2003/dsa-357
For SuSe Linux: Upgrade to the latest wu-ftpd package, as listed in SuSE Linux Security Announcement SuSE-SA:2003:032 at http://www.suse.de/de/security/2003_032_wuftpd.html
For other distributions: Contact your vendor for upgrade or patch information. |
| Related URL |
CVE-2003-0466 (CVE) |
| Related URL |
8315 (SecurityFocus) |
| Related URL |
12785 (ISS) |
|