Slackware releases updated wu-ftpd
Aug 30, 1999, 12:35
Patrick J. Volkerding posted to the slackware-security list:
It's been a busy weekend...
A buffer overflow has been found in wu-ftpd 2.5 and prior
releases, and has been patched in slackware-4.0 and
slackware-current on ftp.cdrom.com in /pub/linux/. Here are the
details:
Slackware-4.0 ChangeLog.txt:
Sun Aug 29 19:37:43 CDT 1999
slakware/n8/tcpip1.tgz: Upgraded to wu-ftpd-2.5.0, patched mapped
path and other buffer overflows. The problem fixed by this package
can result in unauthorized root access to the machine -- it is
highly recommended that anyone running an FTP server open to the
Internet install this package (or the one below) as soon as is
possible.
*** Alternate, minimal fix:
patches/wuftpd.tgz: This package contains version 2.5.0 of the
wu-ftpd FTP daemon, with buffer overflows fixed. This package is
suitable for use with Slackware 3.5, 3.6, 3.9, or 4.0.
----------------------------
Slackware 4.0 new package MD5 sums:
329e9eab5df6357b98d746207a938997 slakware/n8/tcpip1.tgz
61a8a59e47e4308db11524c9cafd6188 patches/wuftpd.tgz
----------------------------
Slackware-current ChangeLog.txt:
Mon Aug 30 02:07:19 CDT 1999
n1/tcpip1.tgz: Patched wu-ftpd-2.5.0 against buffer overflows.
----------------------------
Slackware-current new package MD5 sums:
8cc8224850e45a14711b4457badcc823 n1/tcpip1.tgz
----------------------------
Take care,
Pat