From owner-freebsd-ports Mon Aug 30 12: 0:26 1999
Delivered-To: freebsd-ports@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id 0EB71157EF for ; Mon, 30 Aug 1999 12:00:24 -0700 (PDT) (envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id MAA88334; Mon, 30 Aug 1999 12:00:01 -0700 (PDT) (envelope-from gnats@FreeBSD.org)
Received: from germanium.xtalwind.net (germanium.xtalwind.net [205.160.242.5]) by hub.freebsd.org (Postfix) with ESMTP id 2D7551536E for ; Mon, 30 Aug 1999 11:50:52 -0700 (PDT) (envelope-from jack@germanium.xtalwind.net)
Received: (from jack@localhost) by germanium.xtalwind.net (8.9.3/8.9.3) id OAA03461; Mon, 30 Aug 1999 14:50:51 -0400 (EDT)
Message-Id: <199908301850.OAA03461@germanium.xtalwind.net>
Date: Mon, 30 Aug 1999 14:50:51 -0400 (EDT)
From: jack@germanium.xtalwind.net
Reply-To: jack@germanium.xtalwind.net
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.2
Subject: ports/13475: Security hole in wu-ftpd 2.5.0
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number: 13475
>Category: ports
>Synopsis: Security hole in wu-ftpd 2.5.0
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-ports
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Mon Aug 30 12:00:01 PDT 1999
>Closed-Date:
>Last-Modified:
>Originator:
>Release: FreeBSD 3.2-STABLE i386
>Organization:
>Environment:

All wu-ftpd versions thru 2.5.0

>Description:

Quoted from wu-ftpd group's announcement:

Due to insufficient bounds checking on directory name lengths which can be supplied by users, it is possible to overwrite the static memory space of the wu-ftpd daemon while it is executing under certain configurations. By having the ability to create directories and supplying carefully designed directory names to the wu-ftpd, users may gain privileged access.

>How-To-Repeat:
>Fix:

apply their patch

diff -ruN wu-ftpd.insecure/Makefile wu-ftpd/Makefile --- wu-ftpd.insecure/Makefile Wed Aug 25 01:55:25 1999 +++ wu-ftpd/Makefile Mon Aug 30 14:32:41 1999 @@ -12,6 +12,9 @@ CATEGORIES= ftp MASTER_SITES= ftp://ftp.vr.net/pub/wu-ftpd/wu-ftpd/ +PATCH_SITES= ftp://ftp.wu-ftpd.org/pub/wu-ftpd/quickfixes/apply_to_2.5.0/ +PATCHFILES= mapped.path.overrun.patch + MAINTAINER= ache@FreeBSD.org Y2K= http://www.cetis.hvu.nl/~koos/wu-ftpd-faq.html#QA35 diff -ruN wu-ftpd.insecure/files/md5 wu-ftpd/files/md5 --- wu-ftpd.insecure/files/md5 Mon Jun 7 16:51:25 1999 +++ wu-ftpd/files/md5 Mon Aug 30 14:30:56 1999 
@@ -1 +1,2 @@ MD5 (wu-ftpd-2.5.0.tar.gz) = 98f9c8490e0d1ca2c3c57e60e65803b7 +MD5 (mapped.path.overrun.patch) = b01b65652eb3816f0ab11971ac52424d
>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
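
Review bot: In the Makefile hunk, PATCHFILES is added without PATCH_DIST_STRIP, so mapped.path.overrun.patch will be applied at the default strip level, and nothing in the visible lines shows that the upstream patch was generated with paths that match it. Please confirm that `make patch` applies it cleanly to the extracted 2.5.0 tree, or set PATCH_DIST_STRIP explicitly. PATCH_SITES also lists a single FTP directory, so a comment in the Makefile saying that this file is the upstream quickfix for the directory-name overrun would help whoever has to locate it again if that directory moves.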
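
Review bot: The MD5 line added for mapped.path.overrun.patch in files/md5 is the only thing binding the fetched file to what was reviewed, and the PR does not say where that sum came from. Since PATCH_SITES fetches the patch over plain ftp://, please state whether the checksum was compared against a value published by the wu-ftpd group or computed from the same download it is meant to verify.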