OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Bugtraq Archives: Re: CERT Advisory CA-99.13 - Multiple Vulnera

Re: CERT Advisory CA-99.13 - Multiple Vulnerabilities in WU-FTPD

Rami Dass (r-dassNTX1.CSO.UIUC.EDU)
Thu, 21 Oct 1999 15:05:22 -0500

Also, I beleive that this problem occurs only in certain OS's vulnerable to
the getcwd() exploit, the ERRATA file, in the 2.6.0 source tree, lists them:

"Systems needing getcwd():

  BSD 4.4 (bsd)
  Unix 3.x (dec)
  DG/UX (dgx)
  Dynix (dyn)
  generic (gen)
  NeXTstep 2.x (nx2)
  OSF/1 (osf)
  Sony NewsOS (sny)"

So this exploit MIGHT be OS specific and certain OS's running versions prior
to 2.6.0 may not be affected. I did try building 2.6.0 under Solaris 7, and
there were some problems with using "ls".

Incidentally, there has been a patch available to address the getcwd() issue
on the ftp site for wu-ftpd that can be applied to 2.5.0.

-----Original Message-----
From: Richard Trott [mailto:trottSLOWPOISONERS.COM]
Sent: Wednesday, October 20, 1999 5:17 PM
To: BUGTRAQSECURITYFOCUS.COM
Subject: Re: CERT Advisory CA-99.13 - Multiple Vulnerabilities in
WU-FTPD

> WU-FTPD and BeroFTPD
>
> Vulnerability #1:
>
> Not vulnerable:
> versions 2.4.2 and all betas and earlier versions
> Vulnerable:
> wu-ftpd-2.4.2-beta-18-vr4 through wu-ftpd-2.4.2-beta-18-vr15
> wu-ftpd-2.4.2-vr16 and wu-ftpd-2.4.2-vr17
> wu-ftpd-2.5.0
> BeroFTPD, all versions

CERT appears to have left out wu-ftpd-2.6.0 (although they included it in
the lists for the other two vulnerabilities).

Version 2.6.0 does *not* have the "MAPPING_CHDIR Buffer Overflow"
vulnerability, at least if the ANNOUNCE-RELEASE file for that version is
to be believed. It reads, in part:

"Corrected an error in the MAPPING_CHDIR feature which could be used to
gain root privileges on the server."

Presumably, this refers to this vulnerability.

Rich

This archive was generated by hypermail 2.0b3 on Fri Oct 22 1999 - 11:45:23 CDT