From owner-freebsd-security Thu Sep 9 7:18:26 1999
Delivered-To: freebsd-security@freebsd.org
Received: from relay.ucb.crimea.ua (relay.ucb.crimea.ua [212.110.138.1]) by hub.freebsd.org (Postfix) with ESMTP id 2AAE41594B for ; Thu, 9 Sep 1999 07:17:29 -0700 (PDT) (envelope-from ru@ucb.crimea.ua)
Received: (from ru@localhost) by relay.ucb.crimea.ua (8.9.3/8.9.3/UCB) id RAA57065; Thu, 9 Sep 1999 17:09:40 +0300 (EEST) (envelope-from ru)
Date: Thu, 9 Sep 1999 17:09:40 +0300
From: Ruslan Ermilov
To: "Rashid N. Achilov"
Cc: Bill Fink , security@FreeBSD.ORG
Subject: Re: FTP Vulnerability
Message-ID: <19990909170940.B51179@relay.ucb.crimea.ua>
Mail-Followup-To: "Rashid N. Achilov" , Bill Fink , security@FreeBSD.ORG
References: <19990909162255.A15548@relay.ucb.crimea.ua>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.3i
In-Reply-To: ; from Rashid N. Achilov on Thu, Sep 09, 1999 at 08:54:08PM +0700
X-Operating-System: FreeBSD 3.2-STABLE i386
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, Sep 09, 1999 at 08:54:08PM +0700, Rashid N. Achilov wrote:
> On Thu, 9 Sep 1999, Ruslan Ermilov wrote:
> 
> > > I've visited the mirrors for the WUFTP site(s) looking for the versions
> > > "after August 30" and there's NOTHING newer than MAY.
> > >
> > The versions we are talking about refer to the FreeBSD ports collection.
> > Port of wu-ftpd (/usr/ports/net/wu-ftpd) has been upgraded to apply the
> > following patch:
> >
> > ftp://ftp.wu-ftpd.org/pub/wu-ftpd/quickfixes/apply_to_2.5.0/mapped.path.overrun.patch
> 
> On this site mapped.overrun... dated August,24.
> In ports tree in patches subdir newest patch dated April,7 :-)
> Grr...
The advisory refers to the version of the FreeBSD port after 1999/08/30:

:RCS file: /home/ncvs/ports/ftp/wu-ftpd/Makefile,v
:head: 1.30
:----------------------------
:revision 1.29
:date: 1999/08/30 19:14:03;  author: cpiazza;  state: Exp;  lines: +4 -1
       ^^^^^^^^^^
:Add a PATCH_FILE to close a security hole in wu-ftpd.
:
:Quoted from wu-ftpd group's announcement:
:
:  Due to insufficient bounds checking on directory name lengths which can
:  be supplied by users, it is possible to overwrite the static memory
:  space of the wu-ftpd daemon while it is executing under certain
:  configurations. By having the ability to create directories and
:  supplying carefully designed directory names to the wu-ftpd, users may
:  gain privileged access.
:
:PR:		13475
:Submitted by:	jack@germanium.xtalwind.net
:=============================================================================

-- 
Ruslan Ermilov		Sysadmin and DBA of the
ru@ucb.crimea.ua	United Commercial Bank,
ru@FreeBSD.org		FreeBSD committer,
+380.652.247.647	Simferopol, Ukraine
http://www.FreeBSD.org	The Power To Serve
http://www.oracle.com	Enabling The Information Age
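As an added example, not wu-ftpd's own code or anything posted in this thread, this shows the kind of length check whose absence the quoted announcement describes: user-supplied directory names appended to a fixed-size mapped-path buffer, refused instead of written past the end. The buffer size, the function names and the sample directory names are assumptions made for the example.

```c
#include <string.h>
#define MAPPED_PATH_MAX 64   /* buffer size is an assumption for this example */

/* Append "/comp" to the NUL-terminated mapped path in buf[cap]. Returns 0 on
 * success, -1 with buf unchanged if comp is empty, holds a '/', or would not
 * fit with its separator and NUL. The unsafe pattern the announcement describes
 * is this same append done via strcat() into a static buffer with no check. */
int mapped_path_push(char *buf, size_t cap, const char *comp)
{
    const char *nul = memchr(buf, '\0', cap);
    size_t add = strlen(comp), cur = nul ? (size_t)(nul - buf) : 0;
    if (nul == NULL || add == 0 || strchr(comp, '/') != NULL)
        return -1;
    if (cap - cur < 2 || add > cap - cur - 2)   /* room for '/' + comp + NUL */
        return -1;
    buf[cur] = '/';
    memcpy(buf + cur + 1, comp, add + 1);
    return 0;
}

/* Build a mapped path from a NULL-terminated list of user-supplied
 * components; returns the number accepted, or -1 at the first one that
 * would overflow. The path built so far stays valid either way. */
int mapped_path_build(char *buf, size_t cap, const char *const *comps)
{
    int n = 0;
    if (cap == 0) return -1;
    buf[0] = '\0';
    for (; comps[n] != NULL; n++)
        if (mapped_path_push(buf, cap, comps[n]) != 0)
            return -1;
    return n;
}

/* Self-check: a normal path, a constructed 70-byte directory name longer than
 * the whole buffer, and an exact-fit boundary. Returns 1 if all pass. */
int mapped_path_selftest(void)
{
    static char buf[MAPPED_PATH_MAX];
    char small[6] = "", longname[71];
    const char *ok[] = { "pub", "incoming", NULL };
    const char *bad[] = { "pub", longname, NULL };
    memset(longname, 'A', 70); longname[70] = '\0';
    if (mapped_path_build(buf, sizeof buf, ok) != 2 || strcmp(buf, "/pub/incoming"))
        return 0;
    if (mapped_path_build(buf, sizeof buf, bad) != -1 || strcmp(buf, "/pub"))
        return 0;                                   /* truncated, not overrun */
    if (mapped_path_push(small, sizeof small, "abcd") != 0)
        return 0;
    return mapped_path_push(small, sizeof small, "abcde") == -1;
}
```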