-----BEGIN PGP SIGNED MESSAGE----- NetBSD Security Advisory 1999-003 ================================= Topic: Security problems in wu-ftpd package fixed Version: Anything before wu-ftpd-2.4.2b18.2 Severity: Remote buffer overflows in various FTP servers leads to potential root compromise. Abstract ======== Remote buffer overflows in various FTP servers leads to potential root compromise. Technical Details ================= When processing pathnames from commands such as CWD and MKD, the FTP server realpath module would incorrectly copy beyond the end of it's buffer. This could happen if passed a length greater than MAXPATHLEN (1024), or if the full real path (outside of ~ftp) was greater than MAXPATHLEN. This allowed a remote attack to compromise the system by overwriting the programs stack with their own data, possibly gaining root access. Solutions and Workarounds ========================= NetBSD users should update to a pkgsrc tree newer than 19990214 and make sure the version of their wu-ftpd package is at least wu-ftpd-2.4.2b18.2. Binaries for NetBSD 1.3.3 and NetBSD-current are available at ftp://ftp.netbsd.org/pub/NetBSD/packages/1.3/ ftp://ftp.netbsd.org/pub/NetBSD/packages/1.3.3/ and ftp://ftp.netbsd.org/pub/NetBSD/packages/1.3I/ respectively. Thanks To ========= Thanks go to Rene Hexel for updating the wu-ftpd package with appropriate patches to fix all buffer overruns and to Hubert Feyrer for coordinating package fixing, binary package builds and the corresponding annoucements. More Information ================ Information about NetBSD and NetBSD security can be found at http://www.NetBSD.ORG/ and http://www.NetBSD.ORG/Security/. Copyright 1999, The NetBSD Foundation, Inc. All Rights Reserved. $NetBSD: NetBSD-SA1999-003.txt,v 1.2 1999/02/28 00:08:40 mrg Exp $ -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia Charset: noconv iQCVAwUBNtiS7D5Ru2/4N2IFAQFG+gQAiGFZ4iQ2VQ70ls/UnWlG+vLovY8sDLwr S6+bbXzmu21Oo61vMm6/aXWlDAWXzVNWkWJWam7WajShZ+N1T8KHYd9fge8Keh7y PVd/5HHwrB1LwwjNv2i116fXyvC08hFkUsUGOi7VV+bPeGsUo1uYY2c+Xh6bIoQw rf1Pl3Yr1D8= =01kt -----END PGP SIGNATURE-----