TNFTPD Multiple Signal Handler Remote Superuser Compromise Vulnerabilities

TNFTPD Multiple Signal Handler Remote Superuser Compromise Vulnerabilities

Solution:
The vendor has released patches resolving these issues.

NetBSD has released advisory 2004-009 addressing this issue. Please see the referenced advisory for further information. Fixes are available from CVS for the NetBSD-current and NetBSD-2.0 branches.

Apple has released an advisory (APPLE-SA-0024-09-07) along with fixes to address this, and many other issues. Please see the referenced advisory for further information.

Heimdal has released an advisory (2004-09-13) along with version 0.6.3 to address this issue. Please see the referenced advisory for further information.

Gentoo Linux has released an advisory (GLSA 200409-19) to address this issue. Please see the referenced advisory for further information. Users of affected packages are urged to execute the following with superuser privileges:
emerge sync
emerge -pv ">=app-crypt/heimdal-0.6.3"
emerge ">=app-crypt/heimdal-0.6.3"

Debian Linux has released an advisory (DSA 551-1) along with fixes dealing with this issue. Please the referenced advisory for more information.

Sun has released an advisory (Sun Alert ID: 57655) with fixes to address these issues in Sun Java Desktop System (JDS) 2003 and Release 2 for the Linux platform. Please see the advisory in Web references for more information. Users may carry out the following actions from the launch bar to download the patch:

Launch >> Applications >> System Tools >> Online Update

Luke Mewburn TNFTPD 20031217

Luke Mewburn tnftpd-20040810.tar.gz
ftp://ftp.netbsd.org/pub/NetBSD/misc/tnftp/tnftpd-20040810.tar.gz

Sun Java Desktop System (JDS) 2003

Sun patch-9369

Heimdal Heimdal 0.3 f

Heimdal heimdal-0.6.3.tar.gz
ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.6.3.tar.gz

Heimdal Heimdal 0.4 b

Heimdal heimdal-0.6.3.tar.gz
ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.6.3.tar.gz

Heimdal Heimdal 0.4 d

Heimdal heimdal-0.6.3.tar.gz
ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.6.3.tar.gz

Heimdal Heimdal 0.4 c

Heimdal heimdal-0.6.3.tar.gz
ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.6.3.tar.gz

Heimdal Heimdal 0.4 a

Heimdal heimdal-0.6.3.tar.gz
ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.6.3.tar.gz

Heimdal Heimdal 0.4 e

Heimdal heimdal-0.6.3.tar.gz
ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.6.3.tar.gz

Heimdal Heimdal 0.5 .0

Heimdal heimdal-0.6.3.tar.gz
ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.6.3.tar.gz

Heimdal Heimdal 0.5.1

Heimdal heimdal-0.6.3.tar.gz
ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.6.3.tar.gz

Heimdal Heimdal 0.5.2

Heimdal heimdal-0.6.3.tar.gz
ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.6.3.tar.gz

Heimdal Heimdal 0.5.3

Heimdal heimdal-0.6.3.tar.gz
ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.6.3.tar.gz

Heimdal Heimdal 0.6

Heimdal heimdal-0.6.3.tar.gz
ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.6.3.tar.gz

Heimdal Heimdal 0.6.1

Heimdal heimdal-0.6.3.tar.gz
ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.6.3.tar.gz

Heimdal Heimdal 0.6.2

Heimdal heimdal-0.6.3.tar.gz
ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.6.3.tar.gz

Luke Mewburn lukemftp 1.1

Debian lukemftpd_1.1-1woody2_alpha.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/l/lukemftpd/lukemftpd_1.1 -1woody2_alpha.deb

Debian lukemftpd_1.1-1woody2_arm.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/l/lukemftpd/lukemftpd_1.1 -1woody2_arm.deb

Debian lukemftpd_1.1-1woody2_hppa.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/l/lukemftpd/lukemftpd_1.1 -1woody2_hppa.deb

Debian lukemftpd_1.1-1woody2_i386.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/l/lukemftpd/lukemftpd_1.1 -1woody2_i386.deb

Debian lukemftpd_1.1-1woody2_ia64.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/l/lukemftpd/lukemftpd_1.1 -1woody2_ia64.deb

Debian lukemftpd_1.1-1woody2_m68k.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/l/lukemftpd/lukemftpd_1.1 -1woody2_m68k.deb

Debian lukemftpd_1.1-1woody2_mips.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/l/lukemftpd/lukemftpd_1.1 -1woody2_mips.deb

Debian lukemftpd_1.1-1woody2_mipsel.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/l/lukemftpd/lukemftpd_1.1 -1woody2_mipsel.deb

Debian lukemftpd_1.1-1woody2_powerpc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/l/lukemftpd/lukemftpd_1.1 -1woody2_powerpc.deb

Debian lukemftpd_1.1-1woody2_s390.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/l/lukemftpd/lukemftpd_1.1 -1woody2_s390.deb

Debian lukemftpd_1.1-1woody2_sparc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/l/lukemftpd/lukemftpd_1.1 -1woody2_sparc.deb

Luke Mewburn lukemftp 1.5

Luke Mewburn tnftpd-20040810.tar.gz
ftp://ftp.netbsd.org/pub/NetBSD/misc/tnftp/tnftpd-20040810.tar.gz

Apple Mac OS X 10.2.8

Apple SecUpd2004-09-07JagClient.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=04717&plat form=osx&method=sa/SecUpd2004-09-07JagClient.dmg

Apple Mac OS X Server 10.2.8

Apple SecUpdSrvr2004-09-07Jag.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=04716&plat form=osx&method=sa/SecUpdSrvr2004-09-07Jag.dmg

Apple Mac OS X 10.3.4

Apple SecUpd2004-09-07PanClient.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=04712&plat form=osx&method=sa/SecUpd2004-09-07PanClient.dmg

Apple Mac OS X Server 10.3.4

Apple SecUpdSrvr2004-09-07PanL.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=04713&plat form=osx&method=sa/SecUpdSrvr2004-09-07PanL.dmg

Apple Mac OS X Server 10.3.5

Apple SecUpdSrvr2004-09-07PanM.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=04714&plat form=osx&method=sa/SecUpdSrvr2004-09-07PanM.dmg

Apple Mac OS X 10.3.5

Apple SecUpd2004-09-07PanMClient.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=04715&plat form=osx&method=sa/SecUpd2004-09-07PanMClient.dmg

Sun Java Desktop System (JDS) 2.0

Sun patch-9369