• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Multiple Vendor BSD ftpd glob() Buffer Overflow Vulnerabilities

Solution:
MandrakeSoft released and advisory stating that the version of Proftpd distributed as part of Mandrake Linux is not vulnerable to glob() related buffer overflows.

OpenBSD has released a patch for the OpenBSD ftp daemon.

MIT has released source code patches for the ftp daemon shipped with Kerberos 5 1.2.2. Networks running older versions of Kerberos 5 should upgrade to 1.2.2, and apply the patch (listed below).

RedHat has released upgraded versions of their Kerberos 5 packages.

Immunix has released upgraded versions of their Kerberos 5 packages.

HP/Compaq has released fixes for Tru64.


MIT Kerberos 5 1.1.1

• Immunix 6.2 krb5-configs-1.1.1-27_StackGuard.i386.rpm
  http://download.immunix.org/ImmunixOS/6.2/updates/RPMS/krb5-configs-1. 1.1-27_StackGuard.i386.rpm


• Immunix 6.2 krb5-devel-1.1.1-27_StackGuard.i386.rpm
  http://download.immunix.org/ImmunixOS/6.2/updates/RPMS/krb5-devel-1.1. 1-27_StackGuard.i386.rpm


• Immunix 6.2 krb5-libs-1.1.1-27_StackGuard.i386.rpm
  http://download.immunix.org/ImmunixOS/6.2/updates/RPMS/krb5-libs-1.1.1 -27_StackGuard.i386.rpm


• Immunix 6.2 krb5-server-1.1.1-27_StackGuard.i386.rpm
  http://download.immunix.org/ImmunixOS/6.2/updates/RPMS/krb5-server-1.1 .1-27_StackGuard.i386.rpm


• Immunix 6.2 krb5-workstation-1.1.1-27_StackGuard.i386.rpm
  http://download.immunix.org/ImmunixOS/6.2/updates/RPMS/krb5-workstatio n-1.1.1-27_StackGuard.i386.rpm


• Red Hat 6.2 alpha krb5-configs-1.1.1-27.alpha.rpm
  ftp://updates.redhat.com/6.2/en/os/alpha/krb5-configs-1.1.1-27.alpha.r pm


• Red Hat 6.2 alpha krb5-devel-1.1.1-27.alpha.rpm
  ftp://updates.redhat.com/6.2/en/os/alpha/krb5-devel-1.1.1-27.alpha.rpm


• Red Hat 6.2 alpha krb5-libs-1.1.1-27.alpha.rpm
  ftp://updates.redhat.com/6.2/en/os/alpha/krb5-libs-1.1.1-27.alpha.rpm


• Red Hat 6.2 alpha krb5-server-1.1.1-27.alpha.rpm
  ftp://updates.redhat.com/6.2/en/os/alpha/krb5-server-1.1.1-27.alpha.rp m


• Red Hat 6.2 alpha krb5-workstation-1.1.1-27.alpha.rpm
  ftp://updates.redhat.com/6.2/en/os/alpha/krb5-workstation-1.1.1-27.alp ha.rpm


• Red Hat 6.2 i386 krb5-configs-1.1.1-27.i386.rpm
  ftp://updates.redhat.com/6.2/en/os/i386/krb5-configs-1.1.1-27.i386.rpm


• Red Hat 6.2 i386 krb5-devel-1.1.1-27.i386.rpm
  ftp://updates.redhat.com/6.2/en/os/i386/krb5-devel-1.1.1-27.i386.rpm


• Red Hat 6.2 i386 krb5-libs-1.1.1-27.i386.rpm
  ftp://updates.redhat.com/6.2/en/os/i386/krb5-libs-1.1.1-27.i386.rpm


• Red Hat 6.2 i386 krb5-server-1.1.1-27.i386.rpm
  ftp://updates.redhat.com/6.2/en/os/i386/krb5-server-1.1.1-27.i386.rpm


• Red Hat 6.2 i386 krb5-workstation-1.1.1-27.i386.rpm
  ftp://updates.redhat.com/6.2/en/os/i386/krb5-workstation-1.1.1-27.i386 .rpm


• Red Hat 6.2 sparc krb5-configs-1.1.1-27.sparc.rpm
  ftp://updates.redhat.com/6.2/en/os/sparc/krb5-configs-1.1.1-27.sparc.r pm


• Red Hat 6.2 sparc krb5-devel-1.1.1-27.sparc.rpm
  ftp://updates.redhat.com/6.2/en/os/sparc/krb5-devel-1.1.1-27.sparc.rpm


• Red Hat 6.2 sparc krb5-libs-1.1.1-27.sparc.rpm
  ftp://updates.redhat.com/6.2/en/os/sparc/krb5-libs-1.1.1-27.sparc.rpm


• Red Hat 6.2 sparc krb5-server-1.1.1-27.sparc.rpm
  ftp://updates.redhat.com/6.2/en/os/sparc/krb5-server-1.1.1-27.sparc.rp m

MIT Kerberos 5 1.2.2

• Immunix 7.0 krb5-devel-1.2.2-5_imnx.i386.rpm
  http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/krb5-devel-1.2. 2-5_imnx.i386.rpm


• Immunix 7.0 krb5-libs-1.2.2-5_imnx.i386.rpm
  http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/krb5-libs-1.2.2 -5_imnx.i386.rpm


• Immunix 7.0 krb5-server-1.2.2-5_imnx.i386.rpm
  http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/krb5-server-1.2 .2-5_imnx.i386.rpm


• Immunix 7.0 krb5-workstation-1.2.2-5_imnx.i386.rpm
  http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/krb5-workstatio n-1.2.2-5_imnx.i386.rpm


• MIT 1.2.2 ftpbuf_122_patch.txt
  http://www.securityfocus.com/external/http://web.mit.edu/kerberos/www/ advisories/ftpbuf_122_patch.txt


• Red Hat 7.0 alpha krb5-devel-1.2.2-5.alpha.rpm
  ftp://updates.redhat.com/7.0/en/os/alpha/krb5-devel-1.2.2-5.alpha.rpm


• Red Hat 7.0 alpha krb5-libs-1.2.2-5.alpha.rpm
  ftp://updates.redhat.com/7.0/en/os/alpha/krb5-libs-1.2.2-5.alpha.rpm


• Red Hat 7.0 alpha krb5-server-1.2.2-5.alpha.rpm
  ftp://updates.redhat.com/7.0/en/os/alpha/krb5-server-1.2.2-5.alpha.rpm


• Red Hat 7.0 alpha krb5-workstation-1.2.2-5.alpha.rpm
  ftp://updates.redhat.com/7.0/en/os/alpha/krb5-workstation-1.2.2-5.alph a.rpm


• Red Hat 7.0 i386 krb5-devel-1.2.2-5.i386.rpm
  ftp://updates.redhat.com/7.0/en/os/i386/krb5-devel-1.2.2-5.i386.rpm


• Red Hat 7.0 i386 krb5-libs-1.2.2-5.i386.rpm
  ftp://updates.redhat.com/7.0/en/os/i386/krb5-libs-1.2.2-5.i386.rpm


• Red Hat 7.0 i386 krb5-server-1.2.2-5.i386.rpm
  ftp://updates.redhat.com/7.0/en/os/i386/krb5-server-1.2.2-5.i386.rpm


• Red Hat 7.0 i386 krb5-workstation-1.2.2-5.i386.rpm
  ftp://updates.redhat.com/7.0/en/os/i386/krb5-workstation-1.2.2-5.i386. rpm


• Red Hat 7.1 i386 krb5-devel-1.2.2-5.i386.rpm
  ftp://updates.redhat.com/7.1/en/os/i386/krb5-devel-1.2.2-5.i386.rpm


• Red Hat 7.1 i386 krb5-libs-1.2.2-5.i386.rpm
  ftp://updates.redhat.com/7.1/en/os/i386/krb5-libs-1.2.2-5.i386.rpm


• Red Hat 7.1 i386 krb5-server-1.2.2-5.i386.rpm
  ftp://updates.redhat.com/7.1/en/os/i386/krb5-server-1.2.2-5.i386.rpm


• Red Hat 7.1 i386 krb5-workstation-1.2.2-5.i386.rpm
  http://updates.redhat.com/7.1/en/os/i386/krb5-workstation-1.2.2-5.i386 .rpm

OpenBSD OpenBSD 2.8

• OpenBSD 025_glob.patch
  ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/025_glob.patch

FreeBSD FreeBSD 3.0

• FreeBSD 3.x glob.3.x.patch
  ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:33/glob.3.x.patch

FreeBSD FreeBSD 3.1

• FreeBSD 3.x glob.3.x.patch
  ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:33/glob.3.x.patch

FreeBSD FreeBSD 3.2

• FreeBSD 3.x glob.3.x.patch
  ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:33/glob.3.x.patch

FreeBSD FreeBSD 3.3

• FreeBSD 3.x glob.3.x.patch
  ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:33/glob.3.x.patch

FreeBSD FreeBSD 3.4

• FreeBSD 3.x glob.3.x.patch
  ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:33/glob.3.x.patch

FreeBSD FreeBSD 3.5

• FreeBSD 3.x glob.3.x.patch
  ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:33/glob.3.x.patch

FreeBSD FreeBSD 3.5.1

• FreeBSD 3.x glob.3.x.patch
  ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:33/glob.3.x.patch

FreeBSD FreeBSD 4.0

• FreeBSD 4.x glob.4.x.patch
  ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:33/glob.4.x.patch

Compaq Tru64 4.0 g PK3 (BL17)

• HP t64v40gb17-c0011101-15266-es-20020827.tar
  Requires Tru64 V4.0g PK3 (BL17).
  http://ftp.support.compaq.com/patches/public/unix/v4.0g/

Compaq Tru64 4.0 f PK7 (BL18)

• HP duv40fb18-c0067201-15265-es-20020827.tar
  Requires Tru64 Unix V4.0f PK7 (BL18).
  http://ftp.support.compaq.com/patches/public/unix/v4.0f/

FreeBSD FreeBSD 4.1

• FreeBSD 4.x glob.4.x.patch
  ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:33/glob.4.x.patch

FreeBSD FreeBSD 4.1.1

• FreeBSD 4.x glob.4.x.patch
  ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:33/glob.4.x.patch

FreeBSD FreeBSD 4.2

• FreeBSD 4.x glob.4.x.patch
  ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:33/glob.4.x.patch

Compaq Tru64 5.0 a PK3 (BL17)

• HP t64v50ab17-c0018601-15270-es-20020827.tar
  Requires Tru64 V5.0A PK3 (BL17).
  http://ftp.support.compaq.com/patches/public/unix/v5.0a/