Dan Burcaw writes:
The Yellow Dog Linux Security Team has just released three packages which fix recently discovered security vulnerabilities.
Packages: proftpd, wu-ftpd, beroftpd
Date: August 29, 1999
Problem:
Due to insufficient bounds checking on directory name lengths which can be supplied by users, it is possible to overwrite the static memory space of the ftp daemon while it is executing under certain configurations. By having the ability to create directories and supplying carefully designed directory names to the ftp server, users may gain privileged access. This vulnerability may allow local & remote users to gain root privileges.
Thanks goes out to the wu-ftpd development group and the members of BugTraq for discovering and fixing this problem.
proftpd is the default FTP server installed with Yellow Dog Linux. You only need to upgrade it unless you have manually installed either wu-ftpd or beroftpd from the extras directory.
Urgency: HIGH
Solution: rpm -Uvh <file>
ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/champion-1.1/RPMS/proftpd-1.2.0pre3-2.ppc.rpm
OR
ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/champion-1.1/extras/RPMS/wu-ftpd-2.5.0-2.ppc.rpm
OR
ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/champion-1.1/extras/RPMS/beroftpd-1.3.4-1.ppc.rpm
Be sure to restart inetd once you have upgraded your ftp server. You can do this by executing the following as root: /etc/rc.d/init.d/inet restart
Here are the md5 checksums of the update packages, please verify these before installing the new packages by running: md5sum <file>
220b153493412610e4a18a182d737253 RPMS/proftpd-1.2.0pre3-2.ppc.rpm
de83eaf2620afe25e3d5104735f5c7de extras/RPMS/wu-ftpd-2.5.0-2.ppc.rpm
ef70b8d6c87aa7c201764f683d0106f2 extras/RPMS/beroftpd-1.3.4-1.ppc.rpm
Users of Champion Server 1.0 can also, and are strongly advised to upgrade their ftp server.
More information can be found from our errata page at:
http://www.yellowdoglinux.com/resources/errata_cs11.shtml
Dan
Yellow Dog Linux for Apple G3 and PowerPC
email: dburcaw@yellowdoglinux.com
website: http://www.yellowdoglinux.com/
Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.
LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.