[SECURITY-L] CIAC BULLETIN N-132 Wu-ftpd Buffer Overflow Vulnerability

Daniela Regina Barbetti Silva daniela em ccuec.unicamp.br
Fri Aug 1 09:09:58 -03 2003


----- Forwarded message from Cristine Hoepers <cristine em nic.br> -----

From: Cristine Hoepers <cristine em nic.br>
Subject: [GTS-L] Fwd: CIAC BULLETIN N-132 Wu-ftpd Buffer Overflow Vulnerability
To: gts-l em listas.unesp.br
Date: Thu, 31 Jul 2003 23:08:42 -0300

----- Forwarded message from CIAC Mail User <ciac em rum.llnl.gov> -----

Date: Thu, 31 Jul 2003 14:00:21 -0700 (PDT)
From: CIAC Mail User <ciac em rum.llnl.gov>
Subject: CIAC BULLETIN N-132 Wu-ftpd Buffer Overflow Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----

             __________________________________________________________

                       The U.S. Department of Energy
                   Computer Incident Advisory Capability
                           ___  __ __    _     ___
                          /       |     /_\   /
                          \___  __|__  /   \  \___
             __________________________________________________________

                             INFORMATION BULLETIN

                      Wu-ftpd Buffer Overflow Vulnerability
                  [Red Hat Security Advisory RHSA-2003:245-15]

July 31, 2003 18:00 GMT                                           Number N-132
______________________________________________________________________________
PROBLEM:       A buffer overflow vulnerability exists in wu-ftpd versions
               2.6.2 and earlier. WU-FTPD is a popular ftp daemon used on the
               Internet, and on many anonymous ftp sites all around the
               world.
PLATFORM:      Red Hat: Linux 7.1, Linux 7.1 for iSeries, Linux 7.1 for 
                        pSeries, Linux 7.2, Linux 7.3, Linux 8.0 

               OTHER PLATFORMS WILL BE ADDED WHEN VENDOR BULLETINS ARE RELEASED.

DAMAGE:        Successful exploitation could cause a buffer overflow and allow 
               for an increase in privileges. 
SOLUTION:      Install updated wu-ftpd packages from Red Hat. 
______________________________________________________________________________
VULNERABILITY  The risk is HIGH. A remote attacker could gain root privileges. 
ASSESSMENT:                                                                   
______________________________________________________________________________
LINKS: 
 CIAC BULLETIN:      http://www.ciac.org/ciac/bulletins/n-132.shtml 
 ORIGINAL BULLETIN:  https://rhn.redhat.com/errata/RHSA-2003-245.html 
 ADDITIONAL LINKS:   http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt 

                     ADDITIONAL VENDOR INFORMATION WILL BE ADDED WHEN IT
                     BECOMES AVAILABLE.
______________________________________________________________________________



----- End forwarded message -----


