From owner-freebsd-security  Thu Sep  9  6:29: 1 1999
Delivered-To: freebsd-security@freebsd.org
Received: from the.oneinsane.net (the.oneinsane.net [207.113.133.228])
	by hub.freebsd.org (Postfix) with ESMTP id C4D2D14D4C
	for <freebsd-security@freebsd.org>; Thu,  9 Sep 1999 06:28:53 -0700 (PDT)
	(envelope-from insane@lunatic.oneinsane.net)
Received: from lunatic.oneinsane.net (qmailr@lunatic.oneinsane.net [207.113.133.231])
	by the.oneinsane.net (8.9.3/8.9.3) with SMTP id GAA09445
	for <freebsd-security@freebsd.org>; Thu, 9 Sep 1999 06:28:44 -0700 (PDT)
Received: (qmail 704 invoked by uid 1000); 9 Sep 1999 13:28:43 -0000
Date: Thu, 9 Sep 1999 06:28:43 -0700
From: "Ron 'The InSaNe One' Rosson" <insane@lunatic.oneinsane.net>
To: Bill Fink <bill@billfink.com>
Cc: freebsd-security@freebsd.org
Subject: Re: FTP Vulnerability
Message-ID: <19990909062843.A590@lunatic.oneinsane.net>
Reply-To: Ron Rosson <insane@lunatic.oneinsane.net>
References: <51D35DCFD7B0D21189440040333985C0013853@exchange1.billfink.com.247.64.63.IN-ADDR.ARPA>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
X-Mailer: Mutt 0.95.6i
In-Reply-To: <51D35DCFD7B0D21189440040333985C0013853@exchange1.billfink.com.247.64.63.IN-ADDR.ARPA>; from Bill Fink on Thu, Sep 09, 1999 at 09:03:01AM -0400
X-Operating-System: FreeBSD lunatic.oneinsane.net 3.2-STABLE
X-Opinion: What you read here is my IMHO 
X-Disclaimer: I am a firm believer in RTFM 
X-WWW: http://www.oneinsane.net
X-PGP-KEY: http://www.oneinsane.net/~insane/insane-pgp5i.txt
X-Uptime: 6:26AM  up 35 days, 22:30, 1 user, load averages: 0.16, 0.17, 0.22
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, 09 Sep 1999, Bill Fink was heard blurting out:

>=20
>=20
> I truly apologize, I trust I'm overlooking something here.
>=20
> The advisory below states:
>=20
> >> Upgrade your wu-ftpd or proftpd=20
> >> ports to the most recent versions
> >> (any version after August 30, 1999=20
> >> is not impacted by this problem).
>=20
> I've visited the mirrors for the WUFTP site(s) looking for the versions
> "after August 30" and there's NOTHING newer than MAY.
>=20

Take a look at the patches in the ports tree for these ports and you
will see the changes.

>=20
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D
> =3D
> FreeBSD-SA-99:03                                            Security
> Advisory
>                                                                 FreeBSD,
> Inc.
>=20
> Topic:          Two ftp daemons in ports vulnerable to attack.
>=20
> Category:       ports
> Module:         wu-ftpd and proftpd
> Announced:      1999-09-05
> Affects:        FreeBSD 3.2 (and earlier)
> 		FreeBSD-current before the correction date.
> Corrected:      FreeBSD-3.3 RELEASE
> 		FreeBSD-current as of 1999/08/30
> FreeBSD only:   NO
>=20
> Patches:        NONE
>=20
> I.   Background   =20
>=20
> wuftpd and proftpd have a flaw which can lead to a remote root
> compromise.  They are both vulnerable since they are both based on a
> code base that is vulnerable.
>=20
> II.  Problem Description
>=20
> Remote users can gain root via a buffer overflow.
>=20
> III. Impact
>=20
> Remote users can gain root.
>=20
> IV.  Workaround
>=20
> Disable the ftp daemon until you can upgrade your system.
>=20
> V.   Solution
>=20
> Upgrade your wu-ftpd or proftpd ports to the most recent versions (any
> version after August 30, 1999 is not impacted by this problem).  If
> you are running non-port versions, you should verify that your version
> is not vulnerable or upgrade to using the ports version of these
> programs.
>=20
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D
> =3D
> FreeBSD, Inc.
>=20
> Web Site:                       http://www.freebsd.org/
> Confidential contacts:          security-officer@freebsd.org
> Security notifications:         security-notifications@freebsd.org
> Security public discussion:     freebsd-security@freebsd.org
> PGP Key:
> ftp://ftp.freebsd.org/pub/FreeBSD/CERT/public_key.asc
>=20
> Notice: Any patches in this document may not apply cleanly due to
>         modifications caused by digital signature or mailer software.
>         Please reference the URL listed at the top of this document
>         for original copies of all patches if necessary.
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D
> =3D
>=20
>=20
>=20
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>=20
>=20
>=20
>=20
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

--=20
-------------------------------------------------------------------
Ron Rosson              	... and a UNIX user said ...
The InSaNe One                 		   rm -rf *
insane@oneinsane.net      	and all was null and void
-------------------------------------------------------------------
Practice random acts of intelligence and senseless acts of self-control.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message