[slackware-security] WU-FTPD Security Advisory
(SSA:2003-259-03)
Upgraded WU-FTPD packages are available for Slackware 9.0 and
-current. These fix a problem where an attacker could use a
specially crafted filename in conjunction with WU-FTPD’s conversion
feature (mostly used to compress files, or produce tar archives) to
execute arbitrary commands on the server.
In addition, the MAIL_ADMIN feature, which has been found to be
insecure, has been disabled.
We do not recommend deploying WU-FTPD in situations where
security is required.
Here are the details from the Slackware 9.0 ChangeLog:
Tue Sep 23 14:43:10 PDT 2003
pasture/dontuse/wu-ftpd/wu-ftpd-2.6.2-i486-3.tgz: Fixed a security
problem in /etc/ftpconversions (CVE-1999-0997). There’s also
another hole in wu-ftpd which may be triggered if the MAIL_ADMIN
feature (notifies the admin of anonymous uploads) is used, so
MAIL_ADMIN has been disabled in this build. Also note that we’ve
moved this from /pasture to /pasture/dontuse, which should tell you
something.
(* Security fix *)
WHERE TO FIND THE NEW PACKAGES:
Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/pasture/dontuse/wu-ftpd/wu-ftpd-2.6.2-i386-3.tgz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/pasture/dontuse/wu-ftpd/wu-ftpd-2.6.2-i486-3.tgz
MD5 SIGNATURES:
Slackware 9.0 package:
2585e5eb265708d0f74b7f00325aaf9f wu-ftpd-2.6.2-i386-3.tgz
Slackware -current package:
fa6d5af10336187de5b84e5bb6b11a39 wu-ftpd-2.6.2-i486-3.tgz
INSTALLATION INSTRUCTIONS:
Upgrade using upgradepkg (as root):
# upgradepkg wu-ftpd-2.6.2-i386-3.tgz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
[email protected]
[slackware-security] ProFTPD Security Advisory
(SSA:2003-259-02)
Upgraded ProFTPD packages are available for Slackware 8.1, 9.0
and -current. These fix a security issue where an attacker could
gain a root shell by downloading a specially crafted file.
Here are the details from the Slackware 9.0 ChangeLog:
Tue Sep 23 14:43:10 PDT 2003
n/proftpd-1.2.8p-i486-1.tgz: Upgraded to proftpd-1.2.8p
(patched).
This fixes a security problem in ProFTPD. From http://www.proftpd.org:
X-Force Research at ISS has discovered a remote exploit in
ProFTPD’s handling of ASCII translations that an attacker, by
downloading a carefully crafted file, can exploit and gain a root
shell. The source distributions on ftp.proftpd.org have all been replaced
with patched versions. All ProFTPD users are strongly urged to
upgrade to one of the patched versions as soon as possible.
Note that the upgraded package does not change the displayed
version number to 1.2.8p (it remains 1.2.8), but we’ve verified the
source code to make sure that this is in fact the patched version.
We recommend all sites running ProFTPD upgrade to the new package
right away. (* Security fix *)
WHERE TO FIND THE NEW PACKAGES:
Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/proftpd-1.2.8p-i386-1.tgz
Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/proftpd-1.2.8p-i386-1.tgz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/proftpd-1.2.8p-i486-1.tgz
MD5 SIGNATURES:
Slackware 8.1 package:
8b31d10bab91a0d4a22c7eac69a90087 proftpd-1.2.8p-i386-1.tgz
Slackware 9.0 package:
391d5e24bade1ff98281465d230ddad5 proftpd-1.2.8p-i386-1.tgz
Slackware -current package:
2636a2306a6acb0d8726995de9013678 proftpd-1.2.8p-i486-1.tgz
INSTALLATION INSTRUCTIONS:
Upgrade using upgradepkg (as root):
# upgradepkg proftpd-1.2.8p-i386-1.tgz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
[email protected]
[slackware-security] New OpenSSH packages
(SSA:2003-266-01)
Upgraded OpenSSH 3.7.1p2 packages are available for Slackware
8.1, 9.0 and -current. This fixes security problems with PAM
authentication. It also includes several code cleanups from Solar
Designer.
Slackware is not vulnerable to the PAM problem, and it is not
believed that any of the other code cleanups fix exploitable
security problems, but nevertheless sites may wish to upgrade.
These are some of the more interesting entries from OpenSSH’s
ChangeLog so you can be the judge:
[buffer.c]
protect against double free; #660; zardoz at users.sf.net
- [email protected] 2003/09/18 08:49:45
[deattack.c misc.c session.c ssh-agent.c]
more buffer allocation fixes; from Solar Designer;
CAN-2003-0682;
ok millert@
- (djm) Bug #676: Fix PAM stack corruption
- (djm) Fix bad free() in PAM code
WHERE TO FIND THE NEW PACKAGES:
Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/openssh-3.7.1p2-i386-1.tgz
Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/openssh-3.7.1p2-i386-1.tgz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssh-3.7.1p2-i486-1.tgz
MD5 SIGNATURES:
Slackware 8.1 package:
7ee5b3d42fc539325afe1c5c9bb75e95 openssh-3.7.1p2-i386-1.tgz
Slackware 9.0 package:
a8869a2c33e62075eed6a5ed03600bfa openssh-3.7.1p2-i386-1.tgz
Slackware -current package:
9b5c5f292809524b1b54466e9c98407f openssh-3.7.1p2-i486-1.tgz
INSTALLATION INSTRUCTIONS:
(This procedure is safe to do while logged in through
OpenSSH)
Upgrade using upgradepkg (as root):
# upgradepkg openssh-3.7.1p2-i386-1.tgz
Restart OpenSSH:
. /etc/rc.d/rc.sshd restart
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
[email protected]