Wu-Ftpd Remote Format String Stack Overwrite Vulnerability

Solution:
Patches for various Linux distributions and other vendors are listed below:

Linux-Mandrake (From their advisory):

Please upgrade to:

md5 sum: b4340d1007f5128d5d80502007c11a17
6.0/RPMS/wu-ftpd-2.6.0-7mdk.i586.rpm

md5 sum: bb37dbaf5f9fc3953c2869592df608c9
src: 6.0/SRPMS/wu-ftpd-2.6.0-7mdk.src.rpm


md5 sum: 89467e25e432271892aea433b613b4f7
6.1/RPMS/wu-ftpd-2.6.0-7mdk.i586.rpm

md5 sum: bb37dbaf5f9fc3953c2869592df608c9
src: 6.1/SRPMS/wu-ftpd-2.6.0-7mdk.src.rpm


md5 sum: 7e240d30b2e8cba1ba0c3dc59908aef7
7.0/RPMS/wu-ftpd-2.6.0-7mdk.i586.rpm

md5 sum: bb37dbaf5f9fc3953c2869592df608c9
src: 7.0/SRPMS/wu-ftpd-2.6.0-7mdk.src.rpm


md5 sum: 2b83dcb120012f1009e707398b5f4dc4
7.1/RPMS/wu-ftpd-2.6.0-7mdk.i586.rpm

md5 sum: bb37dbaf5f9fc3953c2869592df608c9
src: 7.1/SRPMS/wu-ftpd-2.6.0-7mdk.src.rpm

To upgrade automatically, use « MandrakeUpdate ». If you want to
upgrade manually, download the updated package from one of our FTP
server mirrors and upgrade with "rpm -Uvh package_name". All mirrors
are listed on http://www.mandrake.com/en/ftp.php3 and updated packages are
available in the "updates/" directory.



Debian Linux (taken directly from the advisory)

Debian GNU/Linux 2.1 alias slink
---------------------------------------------

This version of Debian was released only for Intel ia32, the Motorola
680x0, the Alpha, and the Sun Sparc architecture. Fixes for Intel ia32
and the Sun Sparc architecture are currently available; fixes for other
architectures will be available soon.

Source archives:
http://security.debian.org/dists/slink/updates/source/wu-ftpd-academ_2.4.2.16-13.1.diff.gz
MD5 checksum: a3d26f64852e10d5831f1362e214074b
http://security.debian.org/dists/slink/updates/source/wu-ftpd-academ_2.4.2.16-13.1.dsc
MD5 checksum: 3c1848cfbdc82eae8008e26f34b63029
http://security.debian.org/dists/slink/updates/source/wu-ftpd-academ_2.4.2.16.orig.tar.gz
MD5 checksum: 1b636fbfb3a5417886cc4265cca0fc5f

Intel ia32 architecture:
http://security.debian.org/dists/slink/updates/binary-i386/wu-ftpd-academ_2.4.2.16-13.1_i386.deb
MD5 checksum: 9eace595dcb0ba68bb2ddd60ffbfa12f

Sun Sparc architecture:
http://security.debian.org/dists/slink/updates/binary-sparc/wu-ftpd-academ_2.4.2.16-13.1_sparc.deb
MD5 checksum: 1302d89ae95d8b40eb000472abeb461c

Debian 2.2 alias potato
-----------------------

This version of Debian is not yet released. Fixes are currently available
for Alpha, ARM, Intel ia32, PowerPC, and the Sun Sparc architecture.
Fixes for other architectures will be available soon.

Source archives:
http://security.debian.org/dists/potato/updates/main/source/wu-ftpd_2.6.0-5.1.diff.gz
MD5 checksum: d24ba31633ed0d279653c671f93bf624
http://security.debian.org/dists/potato/updates/main/source/wu-ftpd_2.6.0-5.1.dsc
MD5 checksum: bc7138b128d8d32d5810ac19cc4ccf75
http://security.debian.org/dists/potato/updates/main/source/wu-ftpd_2.6.0.orig.tar.gz
MD5 checksum: 652cfe4b59e0468eded736e7c281d16f

Architecture independent archives:
http://security.debian.org/dists/potato/updates/main/binary-all/wu-ftpd-academ_2.6.0-5.1_all.deb
MD5 checksum: fa11e4fb1e3852382e9261a265ab85be

Alpha architecture:
http://security.debian.org/dists/potato/updates/main/binary-alpha/wu-ftpd_2.6.0-5.1_alpha.deb
MD5 checksum: 3907a13fd70063eb8cccc47148d3b316


ARM architecture:
http://security.debian.org/dists/potato/updates/main/binary-arm/wu-ftpd_2.6.0-5.1_arm.deb
MD5 checksum: 9faeaec3a831510179c4e3a6ea50ff52

Intel ia32 architecture:
http://security.debian.org/dists/potato/updates/main/binary-i386/wu-ftpd_2.6.0-5.1_i386.deb
MD5 checksum: 8f74c7004d4a06bfef2a5de786993164

PowerPC architecture:
http://security.debian.org/dists/potato/updates/main/binary-powerpc/wu-ftpd_2.6.0-5.1_powerpc.deb
MD5 checksum: 4af70cff2b3a0396945df86fa8ebc6b8

Sun Sparc architecture:
http://security.debian.org/dists/potato/updates/main/binary-sparc/wu-ftpd_2.6.0-5.1_sparc.deb
MD5 checksum: 71320a88456af1b92f4e9848bbe76a80

Debian Unstable alias woody
---------------------------

A fix will be available in the unstable archive soon. Meanwhile, install
the appropriate potato packages listed above.

Conectiva Linux (Taken from their advisory):

DIRECT DOWNLOAD LINKS TO UPDATED PACKAGES

ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0/i386/wu-ftpd-2.6.0-11cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0es/i386/wu-ftpd-2.6.0-11cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.1/i386/wu-ftpd-2.6.0-11cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.2/i386/wu-ftpd-2.6.0-11cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/wu-ftpd-2.6.0-11cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/servidor-1.0/i386/wu-ftpd-2.6.0-11cl.i386.rpm


DIRECT LINK TO THE SOURCE PACKAGES
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0/SRPMS/wu-ftpd-2.6.0-11cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0es/SRPMS/wu-ftpd-2.6.0-11cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.1/SRPMS/wu-ftpd-2.6.0-11cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.2/SRPMS/wu-ftpd-2.6.0-11cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/SRPMS/wu-ftpd-2.6.0-11cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/servidor-1.0/SRPMS/wu-ftpd-2.6.0-11cl.i386.rpm

Caldera Linux (Taken from the advisory):
-------------------------------------------------------
OpenLinux Desktop 2.3

Location of Fixed Packages

The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/

The corresponding source code package can be found at:
ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/SRPMS

Verification

ddc86702f33d6a5edddab258ddd72195 RPMS/wu-ftpd-2.5.0-7.i386.rpm
8090110ecef8d1efd2fe4c279f209e29 SRPMS/wu-ftpd-2.5.0-7.src.rpm


OpenLinux eServer 2.3 and OpenLinux eBuilder for ECential 3.0

Location of Fixed Packages

The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/

The corresponding source code package can be found at:
ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS

Verification

f909e8b47ec6780109c2437cdfdc2497 RPMS/wu-ftpd-2.5.0-7.i386.rpm
8354edf2f90e59aa96d8baf1d77e28a0 SRPMS/wu-ftpd-2.5.0-7.src.rpm

OpenLinux eDesktop 2.4

Location of Fixed Packages

The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/

The corresponding source code package can be found at:
ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS

Verification

d2df4fb386d65387039f33538571d907 RPMS/wu-ftpd-2.5.0-7.i386.rpm
13313d25d6d93dd98dd94e62d48c711c SRPMS/wu-ftpd-2.5.0-7.src.rpm

RedHat Linux (taken directly from their advisory):


6. RPMs required:

Red Hat Linux 5.2 (These versions should be ok with previous RedHat versions):

i386:
ftp://updates.redhat.com/5.2/i386/wu-ftpd-2.6.0-2.5.x.i386.rpm

alpha:
ftp://updates.redhat.com/5.2/alpha/wu-ftpd-2.6.0-2.5.x.alpha.rpm

sparc:
ftp://updates.redhat.com/5.2/sparc/wu-ftpd-2.6.0-2.5.x.sparc.rpm

sources:
ftp://updates.redhat.com/5.2/SRPMS/wu-ftpd-2.6.0-2.5.x.src.rpm

Red Hat Linux 6.2 (These updated versions should work with all 6.x versions):

i386:
ftp://updates.redhat.com/6.2/i386/wu-ftpd-2.6.0-14.6x.i386.rpm

alpha:
ftp://updates.redhat.com/6.2/alpha/wu-ftpd-2.6.0-14.6x.alpha.rpm

sparc:
ftp://updates.redhat.com/6.2/sparc/wu-ftpd-2.6.0-14.6x.sparc.rpm

sources:
ftp://updates.redhat.com/6.2/SRPMS/wu-ftpd-2.6.0-14.6x.src.rpm

7. Verification:

MD5 sum Package Name
--------------------------------------------------------------------------
e1f3b09d8ad0067fa7fd22e7afe77e64 5.2/SRPMS/wu-ftpd-2.6.0-2.5.x.src.rpm
7c2f89b3f8533ec54a36c5dde5995ce6 5.2/alpha/wu-ftpd-2.6.0-2.5.x.alpha.rpm
8dbd0b0f1fa1d0755393942cb4cb141d 5.2/i386/wu-ftpd-2.6.0-2.5.x.i386.rpm
5d9df2512a15e5c8914f398d980b12e7 5.2/sparc/wu-ftpd-2.6.0-2.5.x.sparc.rpm
67349a75b767585628912b840e52806e 6.2/SRPMS/wu-ftpd-2.6.0-14.6x.src.rpm
fafe870fc91762dd7e9182df3b4dfee5 6.2/alpha/wu-ftpd-2.6.0-14.6x.alpha.rpm
50c11f333641277ab75e6207bffb13b4 6.2/i386/wu-ftpd-2.6.0-14.6x.i386.rpm
8abba6ffa660d1c221581855630ed40d 6.2/sparc/wu-ftpd-2.6.0-14.6x.sparc.rpm

These packages are GPG signed by Red Hat, Inc. for security. Our key
is available at:
http://www.redhat.com/corp/contact.html

You can verify each package with the following command:

rpm --checksig <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
rpm --checksig --nogpg <filename>
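The checksum verification that Red Hat describes above, and that the Mandrake, Debian, Caldera, SuSE and Slackware sections also ask for, as an added example script. It is not part of any vendor's advisory or tooling. It checks one downloaded file against an expected MD5 sum and then walks a checksum list in the "sum path" layout used by the Red Hat, Caldera and SuSE sections (a path given as an FTP or HTTP URL, as in the SuSE list, is looked up by its file name). The sample file, its sum and the list are constructed for the demonstration; the file contains only the text "hello", whose MD5 is 5d41402abc4b2a76b9719d911017c592.

```shell
#!/bin/sh
# Added example: verify downloaded update packages against the MD5 sums
# published in an advisory before installing them. Not vendor code.

# verify_md5 FILE EXPECTED_MD5
#   returns 0 if FILE's MD5 matches EXPECTED_MD5, 1 on mismatch, 2 if the
#   file is missing. Upper-case hex in the advisory is accepted.
verify_md5() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    if [ ! -f "$file" ]; then
        echo "MISSING $file" >&2
        return 2
    fi
    actual=$(md5sum "$file" | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then
        echo "OK      $file"
        return 0
    fi
    echo "FAILED  $file (advisory says $expected, file has $actual)" >&2
    return 1
}

# verify_list LISTFILE BASEDIR
#   LISTFILE holds one "md5sum path" entry per line, as printed in the
#   advisories above. Files are looked up under BASEDIR; a URL path is
#   reduced to its file name. Returns 0 only if every entry verifies.
verify_list() {
    list=$1
    base=$2
    rc=0
    while read -r sum path || [ -n "$sum" ]; do
        [ -n "$sum" ] || continue           # skip blank lines
        case $sum in \#*) continue ;; esac  # skip comment lines
        case $path in *://*) path=${path##*/} ;; esac
        verify_md5 "$base/$path" "$sum" || rc=1
    done < "$list"
    return $rc
}

# demo: constructed input, not a real package. A file containing "hello"
# has MD5 5d41402abc4b2a76b9719d911017c592.
demo() {
    dir=$(mktemp -d) || return 2
    printf 'hello' > "$dir/wu-ftpd-example.rpm"
    printf '5d41402abc4b2a76b9719d911017c592 wu-ftpd-example.rpm\n' > "$dir/MD5SUMS"
    verify_list "$dir/MD5SUMS" "$dir"
    status=$?
    rm -rf "$dir"
    return $status
}

demo
```

A matching sum only shows that the download is the same file the advisory describes; as the Red Hat text notes, `rpm --checksig` without `--nogpg` also checks the vendor's GPG signature, which is the check to prefer where packages are signed.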



If you are running a distribution that has not released patches yet, a diff is available to work around/prevent the problem. It is in a message linked in the "reference" part of this vuldb entry, titled "Re: WuFTPD: Providing *remote* root since at least 1994" and posted by Peter Pentchev <roam@orbitel.bg>.

SuSE:
We recommend using our audited 2.4er version of wu-ftpd.

Update the package from our FTP server.
______________________________________________________________________________

Please verify these md5 checksums of the updates before installing:
(For SuSE 6.0, please use the 6.1 updates)

AXP:
634be5f377d4dfecb8f3456f3746860f ftp://ftp.suse.com/pub/suse/axp/update/6.1/n1/wuftpd-2.6.0-121.alpha.rpm
6adbc81c16569aa53bd48994a290127a ftp://ftp.suse.com/pub/suse/axp/update/6.3/n1/wuftpd-2.6.0-121.alpha.rpm
79e4b044ad8ef19497ce3a21c6f3a187 ftp://ftp.suse.com/pub/suse/axp/update/6.4/n1/wuftpd-2.6.0-121.alpha.rpm

i386:
b9f3877a600c770f73ee0478e069af82 ftp://ftp.suse.com/pub/suse/i386/update/6.1/n1/wuftpd-2.6.0-122.i386.rpm
453da7bf608d24ac87b19ef71c504fff ftp://ftp.suse.com/pub/suse/i386/update/6.2/n1/wuftpd-2.6.0-121.i386.rpm
1b8add24db4fb897ffdf8aea836f74c2 ftp://ftp.suse.com/pub/suse/i386/update/6.3/n1/wuftpd-2.6.0-121.i386.rpm
98720fa1385aa22f6ec53b4175a35be5 ftp://ftp.suse.com/pub/suse/i386/update/6.4/n1/wuftpd-2.6.0-122.i386.rpm

PPC:
d54e0c3a877a5414eb7b274ef77b9bc6 ftp://ftp.suse.com/pub/suse/ppc/update/6.4/n1/wuftpd-2.6.0-121.ppc.rpm
______________________________________________________________________________
You can find updates on our FTP server:

ftp://ftp.suse.com/pub/suse/i386/update for Intel processors
ftp://ftp.suse.com/pub/suse/axp/update for Alpha processors

or try the following web pages for a list of mirrors:
http://www.suse.de/ftp.html
http://www.suse.com/ftp_new.html

Our webpage for patches:
http://www.suse.de/patches/index.html

Our webpage for security announcements:
http://www.suse.de/security

Slackware:

The wu-ftpd daemon is part of the tcpip1.tgz package in the N series. A
new tcpip1.tgz package is now available in the Slackware -current tree.
All users of Slackware 7.0, 7.1, and -current are strongly urged to upgrade
to the new tcpip1.tgz package.

For users of Slackware 4.0, a wuftpd.tgz patch package is being provided
in the /patches tree of Slackware 4.0.


=========================================
wu-ftpd 2.6.1 AVAILABLE - (n1/tcpip1.tgz)
=========================================

FOR USERS OF SLACKWARE 7.0, 7.1, and -current:
---------------------------------------------

The recent vulnerability in wu-ftpd can be fixed by upgrading to the
new tcpip1.tgz package. This package upgrades the wu-ftpd server to
version 2.6.1. You can download it from the -current branch:

ftp://ftp.slackware.com/pub/slackware/slackware-current/slakware/n1/tcpip1.tgz

All users of Slackware 7.0, 7.1, and -current are strongly urged to
upgrade to the tcpip1.tgz package to fix the vulnerability in wu-ftpd.

For verification purposes, we provide the following checksums:

16-bit "sum" checksum:
45865 995

128-bit MD5 message digest:
2ffec28ac4b9de34d5899f7cd88cc5c3 n1/tcpip1.tgz

Installation instructions for the tcpip1.tgz package:

If you have downloaded the new tcpip1.tgz package, you should bring
the system into runlevel 1 and run upgradepkg on it:

# telinit 1
# upgradepkg tcpip1.tgz
# telinit 3



FOR USERS OF SLACKWARE 4.0:
--------------------------

The recent vulnerability in wu-ftpd can be fixed by installing the
wuftpd.tgz patch package. This package upgrades the wu-ftpd server
to version 2.6.1. You can download it from the Slackware 4.0 branch:

ftp://ftp.slackware.com/pub/slackware/slackware-4.0/patches/wuftpd.tgz

All users of Slackware 4.0 are strongly urged to install the wuftpd.tgz
patch package to fix the vulnerability in wu-ftpd.

For verification purposes, we provide the following checksums:

16-bit "sum" checksum:
06607 105

128-bit MD5 message digest:
75547b1762d7ff4fad233cd89529ff2c wuftpd.tgz

Installation instructions for the wuftpd.tgz package:

If you have downloaded the wuftpd.tgz patch package, you should bring
the system into runlevel 1 and run installpkg on it:

# telinit 1
# installpkg wuftpd.tgz
# telinit 3


Remember, it's also a good idea to backup configuration files before
upgrading packages.

- Slackware Linux Security Team
http://www.slackware.com


FreeBSD:
Patches are available for FreeBSD 3, 4 and 5 at:
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/ftp/wu-ftpd-2.6.0.tar.gz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/ftp/wu-ftpd-2.6.0.tar.gz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/ftp/wu-ftpd-2.6.0.tar.gz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/ftp/wu-ftpd-2.6.0.tar.gz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/ftp/wu-ftpd-2.6.0.tar.gz

A patch is also available that was posted to Bugtraq by Daniel Jacobowitz <drow@false.org> of the Debian GNU/Linux project, available here:

http://www.securityfocus.com/data/vulnerabilities/patches/wu-ftpd2.6.0.diff


HP HP-UX 10.01
  • HP PHNE_22058

HP HP-UX 10.10
  • HP PHNE_22058

HP HP-UX 10.16
  • HP PHNE_22703

HP HP-UX 10.20
  • HP PHNE_22057

HP HP-UX (VVOS) 10.24
  • HP PHNE_22059

HP HP-UX 10.26
  • HP PHNE_22124

HP HP-UX 11.04
  • HP PHNE_22060

HP HP-UX 11.0

Turbolinux Turbolinux 3.5 b2

Turbolinux Turbolinux 4.0


Copyright 2010, SecurityFocus