---

FTP buffer overflow fixes for SuSE Linux

Bodo Bauer says:

Dear SuSE Linux user,

Netect Inc. informed the public on February, 9th 1999 about
remote buffer overflows in various FTP servers that could lead to
potential root compromise.

Affected are systems running the latest version of ProFTPD
(1.2.0pre1) or the latest version of Wuarchive ftpd
(2.4.2-academ[BETA-18]). wu-ftpd is installed and enabled by
default on SuSE Linux, if you are running inetd. One temporary
workaround against an anonymous attack is to disable any world
writable directories the user may have access to by making them
read only. If you do not need ftp services, you can safely disable
it in /etc/inetd.conf and restarting inetd.

More information about this issue can be found at the following
WWW-pages:
http://www.netect.com/news19.html


http://www.cert.org/advisories/CA-99-03-FTP-Buffer-Overflows.html

Security-updates of these packages can be found on our
ftp-Server and it’s mirrors (see http://www.suse.de/e/ftp.html for
a list of mirror sites):

for S.u.S.E. Linux 5.x (libc5):

ftp://ftp.suse.com/pub/suse_update/S.u.S.E.-5.3/n1/proftpd.rpm

ftp://ftp.suse.com/pub/suse_update/S.u.S.E.-5.3/n1/wuftpd.rpm

for SuSE Linux 6.0 (glibc2):

ftp://ftp.suse.com/pub/suse_update/SuSE-6.0/n1/proftpd.rpm

ftp://ftp.suse.com/pub/suse_update/SuSE-6.0/n1/wuftpd.rpm

-- 
Bodo Bauer                S.u.S.E., Inc              fon +1-510-835 7873
[email protected]               458 Santa Clara Avenue     fax +1-510-835 7875
http://www.suse.com/~bb   Oakland CA, 94610  USA     http://www.suse.com