• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Wu-Ftpd S/Key Remote Buffer Overrun Vulnerability

Solution:
Hewlett-Packard has released an advisory (HPSBTU01012) and an early release patch to address this issue. Customers are advised to apply this patch if they are affected by this vulnerability. Further information regarding obtaining and applying an appropriate patch can be found in the referenced advisory.

Debian has released an advisory DSA 457-1 to address this issue. Please see the referenced advisory for more information.

RedHat has released an advisory RHSA-2004:096-09 to address this issue in Red Hat Enterprise Linux. Please see the advisory in web references for more information.

The vendor has released a patch to address this issue in Wu-FTPD 2.6.2. The official patch can be obtained from the following location:

ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/skeychallenge.patch


Washington University wu-ftpd 2.6.2

• Debian wu-ftpd-academ_2.6.2-3woody4_all.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd-academ_ 2.6.2-3woody4_all.deb


• Debian wu-ftpd_2.6.2-3woody4_alpha.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3 woody4_alpha.deb


• Debian wu-ftpd_2.6.2-3woody4_arm.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3 woody4_arm.deb


• Debian wu-ftpd_2.6.2-3woody4_hppa.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3 woody4_hppa.deb


• Debian wu-ftpd_2.6.2-3woody4_i386.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3 woody4_i386.deb


• Debian wu-ftpd_2.6.2-3woody4_ia64.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3 woody4_ia64.deb


• Debian wu-ftpd_2.6.2-3woody4_m68k.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3 woody4_m68k.deb


• Debian wu-ftpd_2.6.2-3woody4_mips.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3 woody4_mips.deb


• Debian wu-ftpd_2.6.2-3woody4_mipsel.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3 woody4_mipsel.deb


• Debian wu-ftpd_2.6.2-3woody4_powerpc.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3 woody4_powerpc.deb


• Debian wu-ftpd_2.6.2-3woody4_s390.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3 woody4_s390.deb


• Debian wu-ftpd_2.6.2-3woody4_sparc.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3 woody4_sparc.deb

Compaq Tru64 5.1 a PK6(BL24)

• HP T64V51AB-IX622-WUFTPD262-SSRT4704-SSRT4705.tar
  http://itrc.hp.com

Compaq Tru64 5.1 b PK3(BL24)

• HP T64V51AB-IX622-WUFTPD262-SSRT4704-SSRT4705.tar
  http://itrc.hp.com