Date: Thu, 10 Jan 2002 11:34:39 -0800
From: security@caldera.com
To: bugtraq@securityfocus.com, announce@lists.caldera.com,
Subject: Security Update: [CSSA-2002-SCO.1] OpenServer: wu-ftpd ftpglob() vulnerability
--DBIVS5p969aUjpLe
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
To: bugtraq@securityfocus.com announce@lists.caldera.com scoannmod@xenitec.=
on.ca
___________________________________________________________________________
Caldera International, Inc. Security Advisory
Subject: OpenServer: wu-ftpd ftpglob() vulnerability
Advisory number: CSSA-2002-SCO.1
Issue date: 2002 January 10
Cross reference:
___________________________________________________________________________
1. Problem Description
=09
A vulnerability in the wu-ftpd ftpglob() function was found by
the CORE ST team. This vulnerability can be exploited to
obtain root access on the ftp server.
2. Vulnerable Versions
Operating System Version Affected Files
------------------------------------------------------------------
OpenServer <=3D 5.0.6a /etc/ftpd
3. Workaround
None.
4. OpenServer
4.1 Location of Fixed Binaries
ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.1/
4.2 Verification
MD5 (erg711907.tar) =3D 577a93a058d37283037be476b9e54298
md5 is available for download from
ftp://stage.caldera.com/pub/security/tools/
4.3 Installing Fixed Binaries
Upgrade the affected binaries with the following commands:
Download erg711907.tar to /tmp
# cd /tmp
# tar xvf erg711907.tar
# custom
Instruct custom to install from images, and supply /tmp as the
directory of the VOL images.
=20
5. References
CORE-20011001: Wu-FTP glob heap corruption vulnerability
http://www.corest.com
CERT Advisory CA-2001-33 Multiple Vulnerabilities in WU-FTPD
http://www.cert.org=09http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCAN-2001-0550
This and other advisories are located at
http://stage.caldera.com/support/security
This advisory addresses Caldera Security internal incidents
sr856022, SCO-559-1331, erg711907.
6. Disclaimer
Caldera International, Inc. is not responsible for the misuse
of any of the information we provide on our website and/or
through our security advisories. Our advisories are a service
to our customers intended to promote secure installation and
use of Caldera International products.
7. Acknowledgements
This vulnerability was originally reported by Matt Power of
BindView on the vuln-dev mailing list.
=20
___________________________________________________________________________
--DBIVS5p969aUjpLe
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAjw97M8ACgkQaqoBO7ipriFP0gCbB7bLHUD8y6wUwGNtfeWwFbIe
wWsAn3LKLjMHH82RjQ4InWoEt236qDi3
=/6aA
-----END PGP SIGNATURE-----
--DBIVS5p969aUjpLe--
