Wu-ftpd FTP server contains remotely exploitable off-by-one
bug. A local or remote attacker could exploit this
vulnerability to gain root privileges on a vulnerable
system.
The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2003-0466 to
this issue.
2. Vulnerable Supported Versions
System Binaries
----------------------------------------------------------------------
OpenServer 5.0.5 - 5.0.7 /etc/ftpd
3. Solution
The proper solution is to install the latest packages.
4. OpenServer 5.0.7
4.1 Install Maintenance pack 1.
4.2 Location of Maintenance pack 1.
ftp://ftp.sco.com/pub/openserver5/osr507mp/
4.3 Installing Maintenance pack 1.
Upgrade the affected binaries with the following sequence:
1) Download the VOL* files to the /tmp directory
2) Run the custom command, specify an install from media
images, and specify the /tmp directory as the location of
the images.
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
5.4 Installing Fixed Binaries
Upgrade the affected binaries with the following sequence:
1) Download the VOL* files to the /tmp directory
2) Run the custom command, specify an install from media
images, and specify the /tmp directory as the location of
the images.
6. References
Specific references for this advisory:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0466
http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt
http://www.ciac.org/ciac/bulletins/n-132.shtml
This security fix closes SCO incidents sr882339 fz528115
erg712363.
8. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers
intended to promote secure installation and use of SCO
products.
9. Acknowledgments
SCO would like to thank Wojciech Purczynski and Janusz
Niewiadomski for the advisory.
To: bugtraq (at) securityfocus (dot) com [email concealed] announce (at) lists.caldera (dot) com [email concealed] full-disclosure (at) lists.netsys (dot) com [email concealed]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
________________________________________________________________________
______
SCO Security Advisory
Subject: OpenServer 5.0.7 OpenServer 5.0.6 OpenServer 5.0.5 : wu-ftpd fb_realpath() off-by-one bug
Advisory number: CSSA-2003-SCO.20
Issue date: 2003 September 18
Cross reference: sr882339 fz528115 erg712363
________________________________________________________________________
______
1. Problem Description
Wu-ftpd FTP server contains remotely exploitable off-by-one
bug. A local or remote attacker could exploit this
vulnerability to gain root privileges on a vulnerable
system.
The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2003-0466 to
this issue.
2. Vulnerable Supported Versions
System Binaries
----------------------------------------------------------------------
OpenServer 5.0.5 - 5.0.7 /etc/ftpd
3. Solution
The proper solution is to install the latest packages.
4. OpenServer 5.0.7
4.1 Install Maintenance pack 1.
4.2 Location of Maintenance pack 1.
ftp://ftp.sco.com/pub/openserver5/osr507mp/
4.3 Installing Maintenance pack 1.
Upgrade the affected binaries with the following sequence:
1) Download the VOL* files to the /tmp directory
2) Run the custom command, specify an install from media
images, and specify the /tmp directory as the location of
the images.
5. OpenServer 5.0.6 - 5.0.5
5.1 First, install:
OSS646B - Execution Environment Supplement
5.2 Location of Fixed Binaries
ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.20
5.3 Verification
MD5 (VOL.000.000) = 7cde8ff3cf05658b054dae20f6620bcb
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
5.4 Installing Fixed Binaries
Upgrade the affected binaries with the following sequence:
1) Download the VOL* files to the /tmp directory
2) Run the custom command, specify an install from media
images, and specify the /tmp directory as the location of
the images.
6. References
Specific references for this advisory:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0466
http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt
http://www.ciac.org/ciac/bulletins/n-132.shtml
SCO security resources:
http://www.sco.com/support/security/index.html
This security fix closes SCO incidents sr882339 fz528115
erg712363.
8. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers
intended to promote secure installation and use of SCO
products.
9. Acknowledgments
SCO would like to thank Wojciech Purczynski and Janusz
Niewiadomski for the advisory.
________________________________________________________________________
______
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)
iD8DBQE/bzTsaqoBO7ipriERAidHAJ4wpBW9J3GCPEwn6Mak9t5+XAZAwgCghQSs
q7S5CxTJrBp2c0KqG+NM+Zw=
=4pz6
-----END PGP SIGNATURE-----
[ reply ]