Multiple Vendor C Library realpath() Off-By-One Buffer Overflow Vulnerability

Multiple Vendor C Library realpath() Off-By-One Buffer Overflow Vulnerability

Solution:
Please see the referenced vendor advisories for further information.

Redhat wu-ftpd-2.6.1-18.i386.rpm

RedHat wu-ftpd-2.6.2-11.72.1.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/wu-ftpd-2.6.2-11.72.1.i386.rpm

Redhat wu-ftpd-2.6.1-16.i386.rpm

RedHat wu-ftpd-2.6.2-11.71.1.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/wu-ftpd-2.6.2-11.71.1.i386.rpm

OpenBSD OpenBSD 3.2

OpenBSD 015_realpath.patch
ftp://ftp.OpenBSD.org/pub/OpenBSD/patches/3.2/common/015_realpath.patc h

Redhat wu-ftpd-2.6.1-16.ppc.rpm

RedHat wu-ftpd-2.6.2-11.71.1.ppc.rpm
ftp://updates.redhat.com/7.1/en/os/iSeries/ppc/wu-ftpd-2.6.2-11.71.1.p pc.rpm

RedHat wu-ftpd-2.6.2-11.71.1.ppc.rpm
ftp://updates.redhat.com/7.1/en/os/pSeries/ppc/wu-ftpd-2.6.2-11.71.1.p pc.rpm

Redhat wu-ftpd-2.6.1-18.ia64.rpm

RedHat wu-ftpd-2.6.2-11.72.1.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/wu-ftpd-2.6.2-11.72.1.ia64.rpm

Redhat wu-ftpd-2.6.2-8.i386.rpm

RedHat wu-ftpd-2.6.2-12.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/wu-ftpd-2.6.2-12.i386.rpm

Redhat wu-ftpd-2.6.2-5.i386.rpm

RedHat wu-ftpd-2.6.2-11.73.1.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/wu-ftpd-2.6.2-11.73.1.i386.rpm

Sun Solaris 9

Sun 114564-02
http://sunsolve.sun.com

OpenBSD OpenBSD 3.3

OpenBSD 001_realpath.patch
ftp://ftp.OpenBSD.org/pub/OpenBSD/patches/3.3/common/001_realpath.patc h

Sun Solaris 9_x86

Sun 114565-02
http://sunsolve.sun.com

NetBSD NetBSD 1.5

NetBSD SA2003-011-realpath.patch
ftp://ftp.netbsd.org/pub/NetBSD/security/patches/SA2003-011-realpath.p atch

NetBSD NetBSD 1.5.1

NetBSD SA2003-011-realpath.patch
ftp://ftp.netbsd.org/pub/NetBSD/security/patches/SA2003-011-realpath.p atch

NetBSD NetBSD 1.5.2

NetBSD SA2003-011-realpath.patch
ftp://ftp.netbsd.org/pub/NetBSD/security/patches/SA2003-011-realpath.p atch

NetBSD NetBSD 1.5.3

NetBSD SA2003-011-realpath.patch
ftp://ftp.netbsd.org/pub/NetBSD/security/patches/SA2003-011-realpath.p atch

NetBSD NetBSD 1.6

NetBSD SA2003-011-realpath.patch
ftp://ftp.netbsd.org/pub/NetBSD/security/patches/SA2003-011-realpath.p atch

NetBSD NetBSD 1.6.1

NetBSD SA2003-011-realpath.patch
ftp://ftp.netbsd.org/pub/NetBSD/security/patches/SA2003-011-realpath.p atch

Apple Mac OS X Server 10.2.6

Apple SecUpdSrvr2003-08-14.dmg
http://download.info.apple.com/Mac_OS_X/061-0724.20030814.vmeop/2Z/Sec UpdSrvr2003-08-14.dmg

Apple Mac OS X 10.2.6

Apple SecurityUpd2003-08-14.dmg
http://download.info.apple.com/Mac_OS_X/061-0722.20030814.kvie3/2Z/Sec urityUpd2003-08-14.dmg

Washington University wu-ftpd 2.6 .0

SuSE wuftpd-2.6.0-260.sparc.rpm
SuSE-7.3 Sparc
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n2/wuftpd-2.6.0-260.sparc .rpm

SuSE wuftpd-2.6.0-260.src.rpm
SuSE-7.3 Sparc
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/zq1/wuftpd-2.6.0-260.src. rpm

SuSE wuftpd-2.6.0-328.ppc.rpm
SuSE-7.3 PPC
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n2/wuftpd-2.6.0-328.ppc.rpm

SuSE wuftpd-2.6.0-328.src.rpm
SuSE-7.3 PPC
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/zq1/wuftpd-2.6.0-328.src.rp m

SuSE wuftpd-2.6.0-403.i386.rpm
SuSE-7.2 Intel
ftp://ftp.suse.com/pub/suse/i386/update/7.2/n2/wuftpd-2.6.0-403.i386.r pm

SuSE wuftpd-2.6.0-403.i386.rpm
SuSE-7.3 Intel
ftp://ftp.suse.com/pub/suse/i386/update/7.3/n2/wuftpd-2.6.0-403.i386.r pm

SuSE wuftpd-2.6.0-403.src.rpm
SuSE-7.2 Intel
ftp://ftp.suse.com/pub/suse/i386/update/7.2/zq1/wuftpd-2.6.0-403.src.r pm

SuSE wuftpd-2.6.0-403.src.rpm
SuSE-7.3 Intel
ftp://ftp.suse.com/pub/suse/i386/update/7.3/zq1/wuftpd-2.6.0-403.src.r pm

TurboLinux wu-ftpd-2.6.2-1.i386.rpm
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/ updates/RPMS/wu-ftpd-2.6.2-1.i386.rpm

TurboLinux wu-ftpd-2.6.2-1.i386.rpm
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6. 0/ja/updates/RPMS/wu-ftpd-2.6.2-1.i386.rpm

Washington University wu-ftpd 2.6.1

Immunix wu-ftpd-2.6.1-6_imnx_8.i386.rpm
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/wu-ftpd-2.6.1-6_ imnx_8.i386.rpm

Washington University wu-ftpd 2.6.2

Debian wu-ftpd-academ_2.6.2-3woody1_all.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd-academ_ 2.6.2-3woody1_all.deb

Debian wu-ftpd_2.6.2-3woody1_alpha.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3 woody1_alpha.deb

Debian wu-ftpd_2.6.2-3woody1_arm.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3 woody1_arm.deb

Debian wu-ftpd_2.6.2-3woody1_hppa.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3 woody1_hppa.deb

Debian wu-ftpd_2.6.2-3woody1_i386.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3 woody1_i386.deb

Debian wu-ftpd_2.6.2-3woody1_ia64.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3 woody1_ia64.deb

Debian wu-ftpd_2.6.2-3woody1_m68k.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3 woody1_m68k.deb

Debian wu-ftpd_2.6.2-3woody1_mips.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3 woody1_mips.deb

Debian wu-ftpd_2.6.2-3woody1_mipsel.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3 woody1_mipsel.deb

Debian wu-ftpd_2.6.2-3woody1_powerpc.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3 woody1_powerpc.deb

Debian wu-ftpd_2.6.2-3woody1_s390.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3 woody1_s390.deb

Debian wu-ftpd_2.6.2-3woody1_sparc.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3 woody1_sparc.deb

HP wu-ftpd_262_patch.tar

Mandrake wu-ftpd-2.6.2-1.1mdk.i586.rpm
Mandrake Linux 8.2Directory: 8.2/RPMS/
http://www.mandrakesecure.net/en/ftp.php

Mandrake wu-ftpd-2.6.2-1.1mdk.ppc.rpm
Mandrake Linux 8.2/PPCDirectory: ppc/8.2/RPMS/
http://www.mandrakesecure.net/en/ftp.php

Mandrake wu-ftpd-2.6.2-1.1mdk.src.rpm
Mandrake Linux 8.2/PPCDirectory: ppc/8.2/SRPMS/
http://www.mandrakesecure.net/en/ftp.php

Mandrake wu-ftpd-2.6.2-1.1mdk.src.rpm
Mandrake Linux 8.2Directory: 8.2/SRPMS/
http://www.mandrakesecure.net/en/ftp.php

TurboLinux wu-ftpd-2.6.2-1.i386.rpm
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/AdvancedServ er/6/ja/updates/RPMS/wu-ftpd-2.6.2-1.i386.rpm