SuSE Security Announcement: Package: wuftpd < 2.6.0-121Jun 27, 2000, 20:26 (0 Talkback[s])
(Other stories by Thomas Biege)
Date: Tue, 27 Jun 2000 18:27:56 +0200 (MEST)
SuSE Security Announcement Package: wuftpd < 2.6.0-121 Date: Tue Jun 27 17:57:51 MEST 2000 Affected SuSE versions: 6.1-6.4 Vulnerability Type: remote root compromise SuSE default package: no Other affected systems: all unix systems using this package
A security hole was discovered in the package mentioned above. Please update it as soon as possible or disable the service if you are using this software on your SuSE Linux installation(s).
Other Linux distributions or operating systems might be affected as well, please contact your vendor for information about this issue.
Please note that we provide this information on an "as-is" basis only. There is no warranty whatsoever and no liability for any direct, indirect or incidental damage arising from this information or the installation of the update package.
1. Problem Description
The wu-ftp FTP server does not do proper bounds checking while processing the SITE EXEC command.
An remote attacker could execute arbitrary machine code as root on a FTP server using wu-ftpd.
This bug could only be exploited if anonymous access to the FTP server is allowed.
We recommend using our audited 2.4er version of wu-ftpd.
Update the package from our FTP server.
Please verify these md5 checksums of the updates before installing: (For SuSE 6.0, please use the 6.1 updates)
AXP: 634be5f377d4dfecb8f3456f3746860f ftp://ftp.suse.com/pub/suse/axp/update/6.1/n1/wuftpd-2.6.0-121.alpha.rpm 6adbc81c16569aa53bd48994a290127a ftp://ftp.suse.com/pub/suse/axp/update/6.3/n1/wuftpd-2.6.0-121.alpha.rpm 79e4b044ad8ef19497ce3a21c6f3a187 ftp://ftp.suse.com/pub/suse/axp/update/6.4/n1/wuftpd-2.6.0-121.alpha.rpm i386: b9f3877a600c770f73ee0478e069af82 ftp://ftp.suse.com/pub/suse/i386/update/6.1/n1/wuftpd-2.6.0-122.i386.rpm 453da7bf608d24ac87b19ef71c504fff ftp://ftp.suse.com/pub/suse/i386/update/6.2/n1/wuftpd-2.6.0-121.i386.rpm 1b8add24db4fb897ffdf8aea836f74c2 ftp://ftp.suse.com/pub/suse/i386/update/6.3/n1/wuftpd-2.6.0-121.i386.rpm 98720fa1385aa22f6ec53b4175a35be5 ftp://ftp.suse.com/pub/suse/i386/update/6.4/n1/wuftpd-2.6.0-122.i386.rpm PPC: d54e0c3a877a5414eb7b274ef77b9bc6 ftp://ftp.suse.com/pub/suse/ppc/update/6.4/n1/wuftpd-2.6.0-121.ppc.rpm
Our webpage for patches:
Our webpage for security announcements:
If you want to report vulnerabilities, please contact email@example.com
SuSE has got two free security mailing list services to which any interested party may subscribe:
firstname.lastname@example.org - moderated and for general/linux/SuSE security discussions. All SuSE security announcements are sent to this list. email@example.com - SuSE's announce-only mailing list. Only SuSE's security annoucements are sent to this list.To subscribe to the list, send a message to:
To remove your address from the list, send a message to:
0 Talkback[s] (click to add your comment)