thr3ads.net - linux security

If this information is useful, please help other people find it:
Share via:

Cristian Gafton

1999-Oct-21 14:20 UTC

-----BEGIN PGP SIGNED MESSAGE-----

- ---------------------------------------------------------------------
		   Red Hat, Inc. Security Advisory

Synopsis:		Security problems in WU-FTPD
Advisory ID:		RHSA-1999:043-01
Issue date:		1999-10-21
Updated on:		
Keywords:		wu-ftp security remote exploit
Cross references:	
- ---------------------------------------------------------------------

1. Topic:

Various computer security groups have reported security problems in the
WU-FTPD daemon, the FTP server shipped with all versions of Red Hat Linux.

2. Problem description:

Three vulnerabilities have been identified in WU-FTPD and other ftp daemons
based on the WU-FTPD source code.

Vulnerability #1: MAPPING_CHDIR Buffer Overflow
Vulnerability #2: Message File Buffer Overflow

   Remote and local intruders may be able exploit these vulnerabilities to
   execute arbitrary code as the user running the ftpd daemon, usually root.

Vulnerability #3: SITE NEWER Consumes Memory

   Remote and local intruders who can connect to the FTP server can cause
   the server to consume excessive amounts of memory, preventing normal
   system operation. If intruders can create files on the system, they
   may be able exploit this vulnerability to execute arbitrary code as
   the user running the ftpd daemon, usually root.

3. Bug IDs fixed (http://developer.redhat.com/bugzilla for more info):

N/A

4. Relevant releases/architectures:

Red Hat Linux 4.2 for i386, alpha and sparc
Red Hat Linux 5.2 for i386, alpha and sparc
Red Hat Linux 6.x for i386, alpha and sparc

5. Obsoleted by:

6. Conflicts with:

7. RPMs required:

Red Hat Linux 4.2
- -----------------

Intel:
  ftp://updates.redhat.com//4.2/i386/wu-ftpd-2.6.0-0.4.2.i386.rpm
Alpha:
  ftp://updates.redhat.com//4.2/alpha/wu-ftpd-2.6.0-0.4.2.alpha.rpm
Sparc:
  ftp://updates.redhat.com//4.2/sparc/wu-ftpd-2.6.0-0.4.2.sparc.rpm
Source packages:
  ftp://updates.redhat.com//4.2/SRPMS/wu-ftpd-2.6.0-0.4.2.src.rpm

Red Hat Linux 5.2
- -----------------

Intel:
  ftp://updates.redhat.com//5.2/i386/wu-ftpd-2.6.0-0.5.x.i386.rpm
Alpha:
  ftp://updates.redhat.com//5.2/alpha/wu-ftpd-2.6.0-0.5.x.alpha.rpm
Sparc:
  ftp://updates.redhat.com//5.2/sparc/wu-ftpd-2.6.0-0.5.x.sparc.rpm
Source packages:
  ftp://updates.redhat.com//5.2/SRPMS/wu-ftpd-2.6.0-0.5.x.src.rpm

Red Hat Linux 6.x
- -----------------

Intel:
  ftp://updates.redhat.com//6.0/i386/wu-ftpd-2.6.0-1.i386.rpm
Alpha:
  ftp://updates.redhat.com//6.0/alpha/wu-ftpd-2.6.0-1.alpha.rpm
Sparc:
  ftp://updates.redhat.com//6.0/sparc/wu-ftpd-2.6.0-1.sparc.rpm
Source packages:
  ftp://updates.redhat.com//6.0/SRPMS/wu-ftpd-2.6.0-1.src.rpm

8. Solution:

For each RPM for your particular architecture, run:
    rpm -Uvh <filename>
where filename is the name of the RPM.

9. Verification:

MD5 sum                           Package Name
- --------------------------------------------------------------------------
c6e1e63399ce8497b6ff7c9945954690  i386/wu-ftpd-2.6.0-0.4.2.i386.rpm
05c278b6507fbac44443a8be434adeed  alpha/wu-ftpd-2.6.0-0.4.2.alpha.rpm
0ecd4ff150450607ce4b69982419ef07  sparc/wu-ftpd-2.6.0-0.4.2.sparc.rpm
acb4144d477075480fd89112112658a9  SRPMS/wu-ftpd-2.6.0-0.4.2.src.rpm

13349a3192515d85c06dc873344a10bd  i386/wu-ftpd-2.6.0-0.5.x.i386.rpm
c6e97b13e6924d96f40cf4da8e8d217b  alpha/wu-ftpd-2.6.0-0.5.x.alpha.rpm
35a32345c364e216e7437b1485c95160  sparc/wu-ftpd-2.6.0-0.5.x.sparc.rpm
b9bdb8ca91e296e07344e1c1915078dd  SRPMS/wu-ftpd-2.6.0-0.5.x.src.rpm

dcd5d04df11849007aa3c4fb398cfbfb  i386/wu-ftpd-2.6.0-1.i386.rpm
a0b3a1a0dcfbdfd1443d0aecd960e907  alpha/wu-ftpd-2.6.0-1.alpha.rpm
7511f1f96b3044207cbe11d34f75ff7a  sparc/wu-ftpd-2.6.0-1.sparc.rpm
7e30ea42e82908752b943621580f6f1c  SRPMS/wu-ftpd-2.6.0-1.src.rpm

These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:

http://www.redhat.com/corp/contact.html

You can verify each package with the following command:
    rpm --checksig  <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg <filename>

10. References:

CERT Advisory CA-99-13 Multiple Vulnerabilities in WU-FTPD
http://www.cert.org

AUSCERT Advisory AA-1999.01
ftp://www.auscert.org.au/security/advisory/AA-1999.01.wu-ftpd.mapping_chdir.vul

AUSCERT Advisory AA-1999.02
ftp://www.auscert.org.au/security/advisory/AA-1999.02.multi.wu-ftpd.vuls

Cristian
- --
- ----------------------------------------------------------------------
Cristian Gafton     --     gafton@redhat.com      --     Red Hat, Inc.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  "How could this be a problem in a country where we have Intel and
   Microsoft?"  --Al Gore on Y2K

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBOA+DnfGvxKXU9NkBAQE4IwQAolvXS8CqvwZQ0EmAxVqht/0mnJ8OasfA
rsIqfLufM/hcKcp1f9EuIX/CJoJRJNmuDEWHLgc8QD53vZpqXuEdd6q+7HQOA3n6
7eD8DRWHdcgUfmZmQ94JBmvJgIues2MD5yNPZkpI20ehQ/ILQbnJCkEP+70s9qEc
LfvgysrzOIE=JLsl
-----END PGP SIGNATURE-----

Bill Nottingham

1999-Oct-28 02:05 UTC

head link

---------------------------------------------------------------------
		   Red Hat, Inc. Security Advisory

Synopsis:		security problems with ypserv
Advisory ID:		RHSA-1999:046-01
Issue date:		1999-10-27
Updated on:		1999-10-27	
Keywords:		
Cross references:	ypserv yppasswdd rpc.yppasswdd
---------------------------------------------------------------------

1. Topic:

The ypserv package, which contains the ypserv NIS server
and the yppasswdd password-change server, has been discovered
to have security holes.

2. Problem description:

With ypserv, local administrators in the NIS domain could
possibly inject password tables. In rpc.yppasswdd, users
could change GECOS and login shells of other users, and
there is a buffer overflow in the md5 hash generation.

It is recommended that all users of the ypserv package upgrade
to the new packages.

3. Bug IDs fixed (http://developer.redhat.com/bugzilla for more info):

4. Relevant releases/architectures:

Red Hat Linux 4.x, all architectures
Red Hat Linux 5.x, all architectures
Red Hat Linux 6.x, all architectures

5. Obsoleted by:

6. Conflicts with:

7. RPMs required:

Red Hat Linux 4.x:

Intel:
  ftp://updates.redhat.com/4.2/i386/ypserv-1.3.9-0.4.2.i386.rpm

Alpha:
  ftp://updates.redhat.com/4.2/alpha/ypserv-1.3.9-0.4.2.alpha.rpm

Sparc:
  ftp://updates.redhat.com/4.2/sparc/ypserv-1.3.9-0.4.2.sparc.rpm

Source packages:
  ftp://updates.redhat.com/4.2/SRPMS/ypserv-1.3.9-0.4.2.src.rpm

Red Hat Linux 5.x:

Intel:
  ftp://updates.redhat.com/5.2/i386/ypserv-1.3.9-0.5.2.i386.rpm

Alpha:
  ftp://updates.redhat.com/5.2/alpha/ypserv-1.3.9-0.5.2.alpha.rpm

Sparc:
  ftp://updates.redhat.com/5.2/sparc/ypserv-1.3.9-0.5.2.sparc.rpm

Source packages:
  ftp://updates.redhat.com/5.2/SRPMS/ypserv-1.3.9-0.5.2.src.rpm

Red Hat Linux 6.x:

Intel:
  ftp://updates.redhat.com/6.1/i386/ypserv-1.3.9-1.i386.rpm

Alpha:
  ftp://updates.redhat.com/6.0/alpha/ypserv-1.3.9-1.alpha.rpm

Sparc:
  ftp://updates.redhat.com/6.0/sparc/ypserv-1.3.9-1.sparc.rpm

Source packages:
  ftp://updates.redhat.com/6.1/SRPMS/ypserv-1.3.9-1.src.rpm

8. Solution:

For each RPM for your particular architecture, run:
    rpm -Uvh 'filename'
where filename is the name of the RPM.

9. Verification:

MD5 sum                           Package Name
--------------------------------------------------------------------------
d384966683e0c59b7c63d2d0fcba79ce  ypserv-1.3.9-0.4.2.i386.rpm
e8e860c754e894b955c2ec3e73bcad8d  ypserv-1.3.9-0.4.2.alpha.rpm
19cfbc0bf8ef5ed272243d74020b69df  ypserv-1.3.9-0.4.2.sparc.rpm
df131f369bfb64d1b093447168484e38  ypserv-1.3.9-0.4.2.src.rpm

51a38316e72f25b6751ade459728f049  ypserv-1.3.9-0.5.2.i386.rpm
65da86b0b61ae70b82a5b3fe17b77803  ypserv-1.3.9-0.5.2.alpha.rpm
2956fc958456d5a91d697043932266bd  ypserv-1.3.9-0.5.2.sparc.rpm
dda2d28bb89cddb9ecb4409778a548f9  ypserv-1.3.9-0.5.2.src.rpm

c1a566b7535bb51e25d9c1743f822682  ypserv-1.3.9-1.i386.rpm
a8f5a82d450ddb2b42068537859c18ae  ypserv-1.3.9-1.alpha.rpm
6759503c9cc688bcd1902f6511ecc60a  ypserv-1.3.9-1.sparc.rpm
f7e8b5a241c4e873822c83be2f0cf566  ypserv-1.3.9-1.src.rpm
 
These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:
    http://www.redhat.com/corp/contact.html
 
You can verify each package with the following command:
    rpm --checksig  <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg <filename>

10. References:
<19991024163423.6665A67B0@Galois.suse.de>

Possibly Parallel Threads

Search for more maybe matching threads

linux security - Oct 1999 -

Possibly Parallel Threads