• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Multiple Vendor FTP pipe Vulnerability

Solution:
SGI have released an advisory (20030304-01-P) with details that address this issue. A number of patches to fix this vulnerability have also been provided. SGI have recommended that users upgrade to IRIX 6.5.20 or install the appropriate version specific patch.

RedHat has released an advisory and fixes, see advisory link below.

Mandrake Linux has made fixes available for the Kerberos FTP Client. See the referenced advisory for additional details.

IBM Has the following APAR's available to address this problem:

AIX 4.1
---------
APAR # IX70885

AIX 4.2
---------
APAR # IX70886

Hewlett Packard has made the folowing patches available to address this problem:

Install the applicable patches for the fileset: ARPA-RUN ARPA-MAN
HP-UX release 9.X PHNE_13595

Install the applicable patches for the fileset: InternetSrvcs.INETSVCS-RUN or InternetSrvcs.INET-ENG-A-MAN.

HP-UX release 10.0,10.01,10.10 PHNE_13596
HP-UX release 10.16 PHNE_16006
HP-UX release 10.20 PHNE_13597
HP-UX release 10.24 PHNE_15802
HP-UX release 11.00 PHNE_14479

Install the applicable patches for the fileset: InternetSvcSec.INETSVCS-SEC or InternetSvcSec.ISEC-ENG-A-MAN, (Secure Internet Services),

HP-UX release 10.20 PHNE_15544

Sun Microsystems has made the following patches avaialable to address this problem:

SunOS Patch ID
_____ _________
SunOS 5.6 sparc 106522-01
SunOS 5.6 x86 106523-01
SunOS 5.5.1 sparc 103603-09
SunOS 5.5.1 x86 103604-09
SunOS 5.5 sparc 103577-09
SunOS 5.5 x86 103578-09
SunOS 5.4 sparc 101945-60
SunOS 5.4 x86 101946-53
SunOS 5.3 sparc 101653-02
SunOS 4.1.4 sparc 104477-04
SunOS 4.1.3_U1 sparc 104454-04

SCO has released a security advisory for UnixWare and OpenUnix which contains the appropriate fixes. Users are advised to upgrade as soon as possible.

HP has released an updated advisory (HPSBUX01050) and fixes to address this issue in HP-UX 11.00, 11.04, 11.11, and 11.22. Please see the referenced advisory for further details regarding obtaining and applying appropriate fixes.


RedHat krb5-server-1.2.2-13.i386.rpm

• Red Hat 7.2 krb5-server-1.2.2-16.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/krb5-server-1.2.2-16.i386.rpm

RedHat krb5-server-1.2.4-1.i386.rpm

• Red Hat 7.3 krb5-server-1.2.4-4.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/krb5-server-1.2.4-4.i386.rpm

RedHat krb5-workstation-1.2.4-1.i386.rpm

• Red Hat 7.3 krb5-workstation-1.2.4-4.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/krb5-workstation-1.2.4-4.i386. rpm

RedHat krb5-devel-1.2.5-6.i386.rpm

• Red Hat 8.0 krb5-devel-1.2.5-8.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/krb5-devel-1.2.5-8.i386.rpm

RedHat krb5-devel-1.2.1-8.i386.rpm

• Red Hat 7.0 krb5-devel-1.2.2-16.i386.rpm
  ftp://updates.redhat.com/7.0/en/os/i386/krb5-devel-1.2.2-16.i386.rpm

RedHat krb5-server-1.2.1-8.i386.rpm

• Red Hat 7.0 krb5-server-1.2.2-16.i386.rpm
  ftp://updates.redhat.com/7.0/en/os/i386/krb5-server-1.2.2-16.i386.rpm

RedHat krb5-libs-1.2.4-1.i386.rpm

• Red Hat 7.3 krb5-libs-1.2.4-4.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/krb5-libs-1.2.4-4.i386.rpm

RedHat krb5-server-1.2.5-6.i386.rpm

• Red Hat 8.0 krb5-server-1.2.5-8.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/krb5-server-1.2.5-8.i386.rpm

RedHat krb5-workstation-1.2.5-6.i386.rpm

• Red Hat 8.0 krb5-workstation-1.2.5-8.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/krb5-workstation-1.2.5-8.i386. rpm

RedHat krb5-libs-1.2.1-8.i386.rpm

• Red Hat 7.0 krb5-libs-1.2.2-16.i386.rpm
  ftp://updates.redhat.com/7.0/en/os/i386/krb5-libs-1.2.2-16.i386.rpm

RedHat krb5-libs-1.2.2-13.i386.rpm

• Red Hat 7.2 krb5-libs-1.2.2-16.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/krb5-libs-1.2.2-16.i386.rpm

RedHat krb5-devel-1.2.2-13.i386.rpm

• Red Hat 7.2 krb5-devel-1.2.2-16.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/krb5-devel-1.2.2-16.i386.rpm

RedHat krb5-workstation-1.1.1-9.i386.rpm

• Red Hat 6.2 krb5-workstation-1.1.1-32.i386.rpm
  ftp://updates.redhat.com/6.2/en/os/i386/krb5-workstation-1.1.1-32.i386 .rpm

RedHat krb5-devel-1.2.4-1.i386.rpm

• Red Hat 7.3 krb5-devel-1.2.4-4.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/krb5-devel-1.2.4-4.i386.rpm

RedHat krb5-server-1.1.1-9.i386.rpm

• Red Hat 6.2 krb5-server-1.1.1-32.i386.rpm
  ftp://updates.redhat.com/6.2/en/os/i386/krb5-server-1.1.1-32.i386.rpm

RedHat krb5-workstation-1.2.2-13.i386.rpm

• Red Hat 7.2 krb5-workstation-1.2.2-16.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/krb5-workstation-1.2.2-16.i386 .rpm

RedHat krb5-workstation-1.2.1-8.i386.rpm

• Red Hat 7.0 krb5-workstation-1.2.2-16.i386.rpm
  ftp://updates.redhat.com/7.0/en/os/i386/krb5-workstation-1.2.2-16.i386 .rpm

RedHat krb5-configs-1.1.1-9.i386.rpm

• Red Hat 6.2 krb5-configs-1.1.1-32.i386.rpm
  ftp://updates.redhat.com/6.2/en/os/i386/krb5-configs-1.1.1-32.i386.rpm

RedHat krb5-libs-1.2.5-6.i386.rpm

• Red Hat 8.0 krb5-libs-1.2.5-8.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/krb5-libs-1.2.5-8.i386.rpm

RedHat krb5-devel-1.1.1-9.i386.rpm

• Red Hat 6.2 krb5-devel-1.1.1-32.i386.rpm
  ftp://updates.redhat.com/6.2/en/os/i386/krb5-devel-1.1.1-32.i386.rpm

RedHat krb5-libs-1.1.1-9.i386.rpm

• Red Hat 6.2 krb5-libs-1.1.1-32.i386.rpm
  ftp://updates.redhat.com/6.2/en/os/i386/krb5-libs-1.1.1-32.i386.rpm

RedHat Linux 6.2 i386

• Red Hat 6.2 krb5-configs-1.1.1-32.i386.rpm
  ftp://updates.redhat.com/6.2/en/os/i386/krb5-configs-1.1.1-32.i386.rpm


• Red Hat 6.2 krb5-devel-1.1.1-32.i386.rpm
  ftp://updates.redhat.com/6.2/en/os/i386/krb5-devel-1.1.1-32.i386.rpm


• Red Hat 6.2 krb5-libs-1.1.1-32.i386.rpm
  ftp://updates.redhat.com/6.2/en/os/i386/krb5-libs-1.1.1-32.i386.rpm


• Red Hat 6.2 krb5-server-1.1.1-32.i386.rpm
  ftp://updates.redhat.com/6.2/en/os/i386/krb5-server-1.1.1-32.i386.rpm


• Red Hat 6.2 krb5-workstation-1.1.1-32.i386.rpm
  ftp://updates.redhat.com/6.2/en/os/i386/krb5-workstation-1.1.1-32.i386 .rpm

RedHat Linux 7.0 i386

• Red Hat 7.0 krb5-devel-1.2.2-16.i386.rpm
  ftp://updates.redhat.com/7.0/en/os/i386/krb5-devel-1.2.2-16.i386.rpm


• Red Hat 7.0 krb5-libs-1.2.2-16.i386.rpm
  ftp://updates.redhat.com/7.0/en/os/i386/krb5-libs-1.2.2-16.i386.rpm


• Red Hat 7.0 krb5-server-1.2.2-16.i386.rpm
  ftp://updates.redhat.com/7.0/en/os/i386/krb5-server-1.2.2-16.i386.rpm


• Red Hat 7.0 krb5-workstation-1.2.2-16.i386.rpm
  ftp://updates.redhat.com/7.0/en/os/i386/krb5-workstation-1.2.2-16.i386 .rpm

Caldera UnixWare 7.1.1

• Caldera erg712227.pkg.Z
  ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.3

Caldera UnixWare 7.1.3

• Caldera erg712227.pkg.Z
  ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.3

RedHat Linux 7.2 ia64

• Red Hat 7.2 krb5-devel-1.2.2-16.ia64.rpm
  ftp://updates.redhat.com/7.2/en/os/ia64/krb5-devel-1.2.2-16.ia64.rpm


• Red Hat 7.2 krb5-libs-1.2.2-16.ia64.rpm
  ftp://updates.redhat.com/7.2/en/os/ia64/krb5-libs-1.2.2-16.ia64.rpm


• Red Hat 7.2 krb5-server-1.2.2-16.ia64.rpm
  ftp://updates.redhat.com/7.2/en/os/ia64/krb5-server-1.2.2-16.ia64.rpm


• Red Hat 7.2 krb5-workstation-1.2.2-16.ia64.rpm
  ftp://updates.redhat.com/7.2/en/os/ia64/krb5-workstation-1.2.2-16.ia64 .rpm

RedHat Linux 7.2 i386

• Red Hat 7.2 krb5-devel-1.2.2-16.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/krb5-devel-1.2.2-16.i386.rpm


• Red Hat 7.2 krb5-libs-1.2.2-16.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/krb5-libs-1.2.2-16.i386.rpm


• Red Hat 7.2 krb5-server-1.2.2-16.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/krb5-server-1.2.2-16.i386.rpm


• Red Hat 7.2 krb5-workstation-1.2.2-16.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/krb5-workstation-1.2.2-16.i386 .rpm

RedHat Linux 7.3 i386

• Red Hat 7.3 krb5-devel-1.2.4-4.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/krb5-devel-1.2.4-4.i386.rpm


• Red Hat 7.3 krb5-libs-1.2.4-4.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/krb5-libs-1.2.4-4.i386.rpm


• Red Hat 7.3 krb5-server-1.2.4-4.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/krb5-server-1.2.4-4.i386.rpm


• Red Hat 7.3 krb5-workstation-1.2.4-4.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/krb5-workstation-1.2.4-4.i386. rpm

Caldera OpenUnix 8.0

• Caldera erg712227.pkg.Z
  ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.3

RedHat Linux 8.0 i386

• Red Hat 8.0 krb5-devel-1.2.5-8.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/krb5-devel-1.2.5-8.i386.rpm


• Red Hat 8.0 krb5-libs-1.2.5-8.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/krb5-libs-1.2.5-8.i386.rpm


• Red Hat 8.0 krb5-server-1.2.5-8.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/krb5-server-1.2.5-8.i386.rpm


• Red Hat 8.0 krb5-workstation-1.2.5-8.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/krb5-workstation-1.2.5-8.i386. rpm