Wu-Ftpd Remote Format String Stack Overwrite Vulnerability
Solution: Patches for various Linux distributions are listed below.

Linux-Mandrake (from their advisory):

Please upgrade to:

md5 sum: b4340d1007f5128d5d80502007c11a17  6.0/RPMS/wu-ftpd-2.6.0-7mdk.i586.rpm
md5 sum: bb37dbaf5f9fc3953c2869592df608c9  src: 6.0/SRPMS/wu-ftpd-2.6.0-7mdk.src.rpm
md5 sum: 89467e25e432271892aea433b613b4f7  6.1/RPMS/wu-ftpd-2.6.0-7mdk.i586.rpm
md5 sum: bb37dbaf5f9fc3953c2869592df608c9  src: 6.1/SRPMS/wu-ftpd-2.6.0-7mdk.src.rpm
md5 sum: 7e240d30b2e8cba1ba0c3dc59908aef7  7.0/RPMS/wu-ftpd-2.6.0-7mdk.i586.rpm
md5 sum: bb37dbaf5f9fc3953c2869592df608c9  src: 7.0/SRPMS/wu-ftpd-2.6.0-7mdk.src.rpm
md5 sum: 2b83dcb120012f1009e707398b5f4dc4  7.1/RPMS/wu-ftpd-2.6.0-7mdk.i586.rpm
md5 sum: bb37dbaf5f9fc3953c2869592df608c9  src: 7.1/SRPMS/wu-ftpd-2.6.0-7mdk.src.rpm

To upgrade automatically, use « MandrakeUpdate ». If you want to upgrade manually, download the updated package from one of our FTP server mirrors and upgrade with "rpm -Uvh package_name". All mirrors are listed on http://www.mandrake.com/en/ftp.php3 Updated packages are available in the "updates/" directory.

Debian Linux (taken directly from the advisory):

Debian GNU/Linux 2.1 alias slink
---------------------------------------------
This version of Debian was released only for Intel ia32, the Motorola 680x0, the Alpha, and the Sun Sparc architecture. Fixes for Intel ia32 and the Sun Sparc architecture are currently available; fixes for other architectures will be available soon.
Source archives:
http://security.debian.org/dists/slink/updates/source/wu-ftpd-academ_2.4.2.16-13.1.diff.gz
  MD5 checksum: a3d26f64852e10d5831f1362e214074b
http://security.debian.org/dists/slink/updates/source/wu-ftpd-academ_2.4.2.16-13.1.dsc
  MD5 checksum: 3c1848cfbdc82eae8008e26f34b63029
http://security.debian.org/dists/slink/updates/source/wu-ftpd-academ_2.4.2.16.orig.tar.gz
  MD5 checksum: 1b636fbfb3a5417886cc4265cca0fc5f

Intel ia32 architecture:
http://security.debian.org/dists/slink/updates/binary-i386/wu-ftpd-academ_2.4.2.16-13.1_i386.deb
  MD5 checksum: 9eace595dcb0ba68bb2ddd60ffbfa12f

Sun Sparc architecture:
http://security.debian.org/dists/slink/updates/binary-sparc/wu-ftpd-academ_2.4.2.16-13.1_sparc.deb
  MD5 checksum: 1302d89ae95d8b40eb000472abeb461c

Debian 2.2 alias potato
-----------------------
This version of Debian is not yet released. Fixes are currently available for Alpha, ARM, Intel ia32, PowerPC, and the Sun Sparc architecture. Fixes for other architectures will be available soon.
Source archives:
http://security.debian.org/dists/potato/updates/main/source/wu-ftpd_2.6.0-5.1.diff.gz
  MD5 checksum: d24ba31633ed0d279653c671f93bf624
http://security.debian.org/dists/potato/updates/main/source/wu-ftpd_2.6.0-5.1.dsc
  MD5 checksum: bc7138b128d8d32d5810ac19cc4ccf75
http://security.debian.org/dists/potato/updates/main/source/wu-ftpd_2.6.0.orig.tar.gz
  MD5 checksum: 652cfe4b59e0468eded736e7c281d16f

Architecture independent archives:
http://security.debian.org/dists/potato/updates/main/binary-all/wu-ftpd-academ_2.6.0-5.1_all.deb
  MD5 checksum: fa11e4fb1e3852382e9261a265ab85be

Alpha architecture:
http://security.debian.org/dists/potato/updates/main/binary-alpha/wu-ftpd_2.6.0-5.1_alpha.deb
  MD5 checksum: 3907a13fd70063eb8cccc47148d3b316

ARM architecture:
http://security.debian.org/dists/potato/updates/main/binary-arm/wu-ftpd_2.6.0-5.1_arm.deb
  MD5 checksum: 9faeaec3a831510179c4e3a6ea50ff52

Intel ia32 architecture:
http://security.debian.org/dists/potato/updates/main/binary-i386/wu-ftpd_2.6.0-5.1_i386.deb
  MD5 checksum: 8f74c7004d4a06bfef2a5de786993164

PowerPC architecture:
http://security.debian.org/dists/potato/updates/main/binary-powerpc/wu-ftpd_2.6.0-5.1_powerpc.deb
  MD5 checksum: 4af70cff2b3a0396945df86fa8ebc6b8

Sun Sparc architecture:
http://security.debian.org/dists/potato/updates/main/binary-sparc/wu-ftpd_2.6.0-5.1_sparc.deb
  MD5 checksum: 71320a88456af1b92f4e9848bbe76a80

Debian Unstable alias woody
---------------------------
A fix will be available in the unstable archive soon. Meanwhile, install the appropriate potato packages listed above.
Conectiva Linux (taken from their advisory):

DIRECT DOWNLOAD LINKS TO UPDATED PACKAGES
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0/i386/wu-ftpd-2.6.0-11cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0es/i386/wu-ftpd-2.6.0-11cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.1/i386/wu-ftpd-2.6.0-11cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.2/i386/wu-ftpd-2.6.0-11cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/wu-ftpd-2.6.0-11cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/servidor-1.0/i386/wu-ftpd-2.6.0-11cl.i386.rpm

DIRECT LINK TO THE SOURCE PACKAGES
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0/SRPMS/wu-ftpd-2.6.0-11cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0es/SRPMS/wu-ftpd-2.6.0-11cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.1/SRPMS/wu-ftpd-2.6.0-11cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.2/SRPMS/wu-ftpd-2.6.0-11cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/SRPMS/wu-ftpd-2.6.0-11cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/servidor-1.0/SRPMS/wu-ftpd-2.6.0-11cl.i386.rpm

Caldera Linux (taken from the advisory):
-------------------------------------------------------
OpenLinux Desktop 2.3

Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/
The corresponding source code package can be found at:
ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/SRPMS

Verification
ddc86702f33d6a5edddab258ddd72195  RPMS/wu-ftpd-2.5.0-7.i386.rpm
8090110ecef8d1efd2fe4c279f209e29  SRPMS/wu-ftpd-2.5.0-7.src.rpm

OpenLinux eServer 2.3 and OpenLinux eBuilder for ECential 3.0

Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/
The corresponding source code package can be found at:
ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS

Verification
f909e8b47ec6780109c2437cdfdc2497  RPMS/wu-ftpd-2.5.0-7.i386.rpm
8354edf2f90e59aa96d8baf1d77e28a0  SRPMS/wu-ftpd-2.5.0-7.src.rpm

OpenLinux eDesktop 2.4

Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/
The corresponding source code package can be found at:
ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS

Verification
d2df4fb386d65387039f33538571d907  RPMS/wu-ftpd-2.5.0-7.i386.rpm
13313d25d6d93dd98dd94e62d48c711c  SRPMS/wu-ftpd-2.5.0-7.src.rpm

RedHat Linux (taken directly from their advisory):

6. RPMs required:

Red Hat Linux 5.2 (these versions should be ok with previous RedHat versions):
i386:    ftp://updates.redhat.com/5.2/i386/wu-ftpd-2.6.0-2.5.x.i386.rpm
alpha:   ftp://updates.redhat.com/5.2/alpha/wu-ftpd-2.6.0-2.5.x.alpha.rpm
sparc:   ftp://updates.redhat.com/5.2/sparc/wu-ftpd-2.6.0-2.5.x.sparc.rpm
sources: ftp://updates.redhat.com/5.2/SRPMS/wu-ftpd-2.6.0-2.5.x.src.rpm

Red Hat Linux 6.2 (these updated versions should work with all 6.x versions):
i386:    ftp://updates.redhat.com/6.2/i386/wu-ftpd-2.6.0-14.6x.i386.rpm
alpha:   ftp://updates.redhat.com/6.2/alpha/wu-ftpd-2.6.0-14.6x.alpha.rpm
sparc:   ftp://updates.redhat.com/6.2/sparc/wu-ftpd-2.6.0-14.6x.sparc.rpm
sources: ftp://updates.redhat.com/6.2/SRPMS/wu-ftpd-2.6.0-14.6x.src.rpm

7. Verification:

MD5 sum                           Package Name
--------------------------------------------------------------------------
e1f3b09d8ad0067fa7fd22e7afe77e64  5.2/SRPMS/wu-ftpd-2.6.0-2.5.x.src.rpm
7c2f89b3f8533ec54a36c5dde5995ce6  5.2/alpha/wu-ftpd-2.6.0-2.5.x.alpha.rpm
8dbd0b0f1fa1d0755393942cb4cb141d  5.2/i386/wu-ftpd-2.6.0-2.5.x.i386.rpm
5d9df2512a15e5c8914f398d980b12e7  5.2/sparc/wu-ftpd-2.6.0-2.5.x.sparc.rpm
67349a75b767585628912b840e52806e  6.2/SRPMS/wu-ftpd-2.6.0-14.6x.src.rpm
fafe870fc91762dd7e9182df3b4dfee5  6.2/alpha/wu-ftpd-2.6.0-14.6x.alpha.rpm
50c11f333641277ab75e6207bffb13b4  6.2/i386/wu-ftpd-2.6.0-14.6x.i386.rpm
8abba6ffa660d1c221581855630ed40d  6.2/sparc/wu-ftpd-2.6.0-14.6x.sparc.rpm

These packages are GPG signed by Red Hat, Inc. for security. Our key is available at:
http://www.redhat.com/corp/contact.html

You can verify each package with the following command:
    rpm --checksig <filename>

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg <filename>

If you are running a distribution that has not released patches yet, a diff is available to work around/prevent the problem. It is in a message that is linked to in the "reference" part of this vuldb entry, titled "Re: WuFTPD: Providing *remote* root since at least 1994", posted by Peter Pentchev <roam@orbitel.bg>.

SuSE:

We recommend using our audited 2.4er version of wu-ftpd. Update the package from our FTP server.
______________________________________________________________________________
Please verify these md5 checksums of the updates before installing:
(For SuSE 6.0, please use the 6.1 updates)

AXP:
634be5f377d4dfecb8f3456f3746860f  ftp://ftp.suse.com/pub/suse/axp/update/6.1/n1/wuftpd-2.6.0-121.alpha.rpm
6adbc81c16569aa53bd48994a290127a  ftp://ftp.suse.com/pub/suse/axp/update/6.3/n1/wuftpd-2.6.0-121.alpha.rpm
79e4b044ad8ef19497ce3a21c6f3a187  ftp://ftp.suse.com/pub/suse/axp/update/6.4/n1/wuftpd-2.6.0-121.alpha.rpm

i386:
b9f3877a600c770f73ee0478e069af82  ftp://ftp.suse.com/pub/suse/i386/update/6.1/n1/wuftpd-2.6.0-122.i386.rpm
453da7bf608d24ac87b19ef71c504fff  ftp://ftp.suse.com/pub/suse/i386/update/6.2/n1/wuftpd-2.6.0-121.i386.rpm
1b8add24db4fb897ffdf8aea836f74c2  ftp://ftp.suse.com/pub/suse/i386/update/6.3/n1/wuftpd-2.6.0-121.i386.rpm
98720fa1385aa22f6ec53b4175a35be5  ftp://ftp.suse.com/pub/suse/i386/update/6.4/n1/wuftpd-2.6.0-122.i386.rpm

PPC:
d54e0c3a877a5414eb7b274ef77b9bc6  ftp://ftp.suse.com/pub/suse/ppc/update/6.4/n1/wuftpd-2.6.0-121.ppc.rpm
______________________________________________________________________________

You can find updates on our ftp-Server:
ftp://ftp.suse.com/pub/suse/i386/update for Intel processors
ftp://ftp.suse.com/pub/suse/axp/update for Alpha processors
or try the following web pages for a list of mirrors:
http://www.suse.de/ftp.html
http://www.suse.com/ftp_new.html
Our webpage for patches: http://www.suse.de/patches/index.html
Our webpage for security announcements: http://www.suse.de/security

Slackware:

The wu-ftpd daemon is part of the tcpip1.tgz package in the N series. A new tcpip1.tgz package is now available in the Slackware -current tree. All users of Slackware 7.0, 7.1, and -current are strongly urged to upgrade to the new tcpip1.tgz package. For users of Slackware 4.0, a wuftpd.tgz patch package is being provided in the /patches tree of Slackware 4.0.
=========================================
wu-ftpd 2.6.1 AVAILABLE - (n1/tcpip1.tgz)
=========================================

FOR USERS OF SLACKWARE 7.0, 7.1, and -current:
---------------------------------------------
The recent vulnerability in wu-ftpd can be fixed by upgrading to the new tcpip1.tgz package. This package upgrades the wu-ftpd server to version 2.6.1. You can download it from the -current branch:

ftp://ftp.slackware.com/pub/slackware/slackware-current/slakware/n1/tcpip1.tgz

All users of Slackware 7.0, 7.1, and -current are strongly urged to upgrade to the tcpip1.tgz package to fix the vulnerability in wu-ftpd.

For verification purposes, we provide the following checksums:

16-bit "sum" checksum:
45865 995

128-bit MD5 message digest:
2ffec28ac4b9de34d5899f7cd88cc5c3  n1/tcpip1.tgz

Installation instructions for the tcpip1.tgz package:
If you have downloaded the new tcpip1.tgz package, you should bring the system into runlevel 1 and run upgradepkg on it:

# telinit 1
# upgradepkg tcpip1.tgz
# telinit 3

FOR USERS OF SLACKWARE 4.0:
--------------------------
The recent vulnerability in wu-ftpd can be fixed by installing the wuftpd.tgz patch package. This package upgrades the wu-ftpd server to version 2.6.1. You can download it from the Slackware 4.0 branch:

ftp://ftp.slackware.com/pub/slackware/slackware-4.0/patches/wuftpd.tgz

All users of Slackware 4.0 are strongly urged to install the wuftpd.tgz patch package to fix the vulnerability in wu-ftpd.

For verification purposes, we provide the following checksums:

16-bit "sum" checksum:
06607 105

128-bit MD5 message digest:
75547b1762d7ff4fad233cd89529ff2c  wuftpd.tgz

Installation instructions for the wuftpd.tgz package:
If you have downloaded the wuftpd.tgz patch package, you should bring the system into runlevel 1 and run installpkg on it:

# telinit 1
# installpkg wuftpd.tgz
# telinit 3

Remember, it's also a good idea to back up configuration files before upgrading packages.
- Slackware Linux Security Team
http://www.slackware.com

FreeBSD:

Patches are available for FreeBSD 3, 4 and 5 at:
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/ftp/wu-ftpd-2.6.0.tar.gz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/ftp/wu-ftpd-2.6.0.tar.gz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/ftp/wu-ftpd-2.6.0.tar.gz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/ftp/wu-ftpd-2.6.0.tar.gz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/ftp/wu-ftpd-2.6.0.tar.gz

A patch is also available that was posted to Bugtraq by Daniel Jacobowitz <drow@false.org> of the Debian GNU/Linux project, available here:
http://www.securityfocus.com/data/vulnerabilities/patches/wu-ftpd2.6.0.diff

HP HP-UX 10.01
HP HP-UX 10.10
HP HP-UX 10.16
HP HP-UX 10.20
HP HP-UX (VVOS) 10.24
HP HP-UX 10.26
HP HP-UX 11.04
HP HP-UX 11.0
Turbolinux Turbolinux 3.5 b2
Turbolinux Turbolinux 4.0
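Every vendor section above pairs each update package with an MD5 sum and asks you to verify it before running rpm -Uvh, upgradepkg or installpkg. The script below is an added example, not code from any of the advisories quoted on this page: it takes a manifest in the "<md5>  <path>" layout the Red Hat and Caldera "Verification" tables use, checks every listed file under a download directory, reports OK, MISMATCH or MISSING per package, and refuses (non-zero exit) if anything fails, so it can gate the install step. It assumes a POSIX sh with the coreutils/busybox md5sum command; the package names and sums in the demo are constructed for the demo, not real values from the page.

```shell
#!/bin/sh
# Added example (not from any vendor advisory on this page): gate package
# installation on a checksum manifest. Assumes md5sum (GNU coreutils/busybox).

# md5_of FILE -> prints the hex MD5 of FILE (empty output if unreadable)
md5_of() {
    md5sum "$1" 2>/dev/null | cut -d' ' -f1
}

# verify_manifest MANIFEST BASEDIR
# MANIFEST holds lines "<md5>  <relative path>", in the layout of the
# "MD5 sum  Package Name" tables above. Header, dashed and blank lines are
# skipped. Returns 0 only if every listed file exists and matches.
verify_manifest() {
    manifest=$1
    basedir=$2
    failed=0
    # redirect (not a pipe) so $failed survives the loop in the same shell
    while read -r expected relpath; do
        case $expected in
            ''|'#'*|'-'*|MD5) continue ;;   # skip headers and blank lines
        esac
        file="$basedir/$relpath"
        if [ ! -f "$file" ]; then
            echo "MISSING  $relpath"
            failed=1
            continue
        fi
        actual=$(md5_of "$file")
        if [ "$actual" = "$expected" ]; then
            echo "OK       $relpath"
        else
            echo "MISMATCH $relpath (expected $expected, got $actual)"
            failed=1
        fi
    done < "$manifest"
    return $failed
}

# demo: constructed download directory with one good, one tampered and one
# absent package. The sums are the MD5 of an empty file; the names are made up.
demo() {
    dir=$(mktemp -d)
    : > "$dir/wu-ftpd-good.rpm"               # empty file -> d41d8cd9...
    printf 'tampered\n' > "$dir/wu-ftpd-bad.rpm"
    cat > "$dir/MANIFEST" <<EOF
MD5 sum                           Package Name
--------------------------------------------------------------------------
d41d8cd98f00b204e9800998ecf8427e  wu-ftpd-good.rpm
d41d8cd98f00b204e9800998ecf8427e  wu-ftpd-bad.rpm
d41d8cd98f00b204e9800998ecf8427e  wu-ftpd-absent.rpm
EOF
    verify_manifest "$dir/MANIFEST" "$dir"
    status=$?
    rm -rf "$dir"
    return $status
}

if demo; then
    echo "all packages verified; safe to proceed with rpm -Uvh"
else
    echo "verification FAILED; do not install (expected here: one tampered, one missing)"
fi
```

A matching MD5 fetched from the same mirror as the package only shows the file arrived intact; it does not prove who built it. Where the vendor signs packages, as Red Hat does above, run rpm --checksig with the vendor key as well, and keep the manifest sums from the advisory text rather than from the mirror.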