[SECURITY-L] CIAC BULLETIN N-132 Wu-ftpd Buffer Overflow Vulnerability
Daniela Regina Barbetti Silva
daniela at ccuec.unicamp.br
Fri Aug 1 09:09:58 -03 2003
----- Forwarded message from Cristine Hoepers <cristine at nic.br> -----
From: Cristine Hoepers <cristine at nic.br>
Subject: [GTS-L] Fwd: CIAC BULLETIN N-132 Wu-ftpd Buffer Overflow Vulnerability
To: gts-l at listas.unesp.br
Date: Thu, 31 Jul 2003 23:08:42 -0300
----- Forwarded message from CIAC Mail User <ciac at rum.llnl.gov> -----
Date: Thu, 31 Jul 2003 14:00:21 -0700 (PDT)
From: CIAC Mail User <ciac at rum.llnl.gov>
Subject: CIAC BULLETIN N-132 Wu-ftpd Buffer Overflow Vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
__________________________________________________________
The U.S. Department of Energy
Computer Incident Advisory Capability
__________________________________________________________
INFORMATION BULLETIN
Wu-ftpd Buffer Overflow Vulnerability
[Red Hat Security Advisory RHSA-2003:245-15]
July 31, 2003 18:00 GMT Number N-132
______________________________________________________________________________
PROBLEM:       A buffer overflow vulnerability exists in wu-ftpd versions
               2.6.2 and earlier. WU-FTPD is a popular ftp daemon used on the
               Internet, and on many anonymous ftp sites all around the
               world.
PLATFORM:      Red Hat: Linux 7.1, Linux 7.1 for iSeries, Linux 7.1 for
               pSeries, Linux 7.2, Linux 7.3, Linux 8.0
               OTHER PLATFORMS WILL BE ADDED WHEN VENDOR BULLETINS ARE RELEASED.
DAMAGE:        Successful exploitation could cause a buffer overflow and allow
               for an increase in privileges.
SOLUTION:      Install updated wu-ftpd packages from Red Hat.
______________________________________________________________________________
VULNERABILITY ASSESSMENT: The risk is HIGH. A remote attacker could gain root
                          privileges.
______________________________________________________________________________
LINKS:
 CIAC BULLETIN:      http://www.ciac.org/ciac/bulletins/n-132.shtml
 ORIGINAL BULLETIN:  https://rhn.redhat.com/errata/RHSA-2003-245.html
 ADDITIONAL LINKS:   http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt
                     ADDITIONAL VENDOR INFORMATION WILL BE ADDED WHEN IT
                     BECOMES AVAILABLE.
______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: 4.0 Business Edition
-----END PGP SIGNATURE-----
----- End forwarded message -----