---

Home Security

Red Hat Security Advisory: remote root exploit (SITE EXEC) fixed

By

Date: Fri, 23 Jun 2000 18:29:00 -0400
From: bugzilla@REDHAT.COM
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: [RHSA-2000:039-02] remote root exploit (SITE EXEC)
fixed

                   Red Hat, Inc. Security Advisory

Synopsis:          remote root exploit (SITE EXEC) fixed
Advisory ID:       RHSA-2000:039-02
Issue date:        2000-06-23
Updated on:        2000-06-23
Product:           Red Hat Linux
Keywords:          wu-ftpd, root exploit, site exec, buffer overrun
Cross references:  N/A

1. Topic:

A security bug in wu-ftpd can permit remote users, even without
an account, to gain root access. The new version closes the
hole.

2. Relevant releases/architectures:

Red Hat Linux 5.2 – i386 alpha sparc
Red Hat Linux 6.2 – i386 alpha sparc

3. Problem description:

An exploitable buffer overrun existed in wu-ftpd code’s status
update code. Fixed by adding bounds checking by passing the status
strings through %s.

4. Solution:

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla
for more info):

N/A

6. RPMs required:

Red Hat Linux 5.2:

i386:
ftp://updates.redhat.com/5.2/i386/wu-ftpd-2.6.0-2.5.x.i386.rpm

alpha:
ftp://updates.redhat.com/5.2/alpha/wu-ftpd-2.6.0-2.5.x.alpha.rpm

sparc:
ftp://updates.redhat.com/5.2/sparc/wu-ftpd-2.6.0-2.5.x.sparc.rpm

sources:
ftp://updates.redhat.com/5.2/SRPMS/wu-ftpd-2.6.0-2.5.x.src.rpm

Red Hat Linux 6.2:

i386:
ftp://updates.redhat.com/6.2/i386/wu-ftpd-2.6.0-14.6x.i386.rpm

alpha:
ftp://updates.redhat.com/6.2/alpha/wu-ftpd-2.6.0-14.6x.alpha.rpm

sparc:
ftp://updates.redhat.com/6.2/sparc/wu-ftpd-2.6.0-14.6x.sparc.rpm

sources:
ftp://updates.redhat.com/6.2/SRPMS/wu-ftpd-2.6.0-14.6x.src.rpm

7. Verification:

MD5 sum                           Package Name

e1f3b09d8ad0067fa7fd22e7afe77e64 5.2/SRPMS/wu-ftpd-2.6.0-2.5.x.src.rpm
7c2f89b3f8533ec54a36c5dde5995ce6 5.2/alpha/wu-ftpd-2.6.0-2.5.x.alpha.rpm
8dbd0b0f1fa1d0755393942cb4cb141d 5.2/i386/wu-ftpd-2.6.0-2.5.x.i386.rpm
5d9df2512a15e5c8914f398d980b12e7 5.2/sparc/wu-ftpd-2.6.0-2.5.x.sparc.rpm
67349a75b767585628912b840e52806e 6.2/SRPMS/wu-ftpd-2.6.0-14.6x.src.rpm
fafe870fc91762dd7e9182df3b4dfee5 6.2/alpha/wu-ftpd-2.6.0-14.6x.alpha.rpm
50c11f333641277ab75e6207bffb13b4 6.2/i386/wu-ftpd-2.6.0-14.6x.i386.rpm
8abba6ffa660d1c221581855630ed40d 6.2/sparc/wu-ftpd-2.6.0-14.6x.sparc.rpm

These packages are GPG signed by Red Hat, Inc. for security. Our
key is available at:
http://www.redhat.com/corp/contact.html

You can verify each package with the following command:
rpm –checksig

If you only wish to verify that each package has not been
corrupted or tampered with, examine only the md5sum with the
following command:
rpm –checksig –nogpg

8. References:

N/A

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis

Must Read

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Our Brands

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.