Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1442 - Vulnerability in wu-ftpd-2.4.2b18-2.1
Summary: Vulnerability in wu-ftpd-2.4.2b18-2.1
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: wu-ftpd
Version: 5.2
Hardware: i386
OS: Linux
high
medium
Target Milestone: ---
Assignee: Jeff Johnson
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 1999-03-07 06:50 UTC by david
Modified: 2007-03-27 03:25 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 1999-06-08 14:35:38 UTC


Attachments (Terms of Use)

Description david 1999-03-07 06:50:32 UTC
I had a box attacked and comprimised last night.  Looks like
wu-ftpd was the entry point.  Here is the syslog.

Mar  5 20:27:59 ns6 ftpd[746]: getpeername (in.ftpd):
Transport endpoint is not connected
Mar  5 20:27:59 ns6 inetd[992]: ftp/tcp server failing
(looping), service terminated

[david@server david]$ rpm -q wu-ftpd
wu-ftpd-2.4.2b18-2.1

This box was only running ssh, ftp, www, and identd, so it
makes it look like ftp was to blame even more.  I will
investigate this further and post any additional
information.

Comment 1 Cristian Gafton 1999-03-21 22:24:59 UTC
We need more information on this problem. We are not aware aof any
possbilbe ecploits in the current wu-ftpd code.

Comment 2 lp.brais 1999-04-01 05:31:59 UTC
Please see the following article in Bugtraq archives:
http://www.geek-girl.com/bugtraq/1999_1/1075.html

I witnessed a break-in on one patched RH-5.2 system last week.
Seems like this was the entry point.

Comment 3 Jeff Johnson 1999-06-08 12:53:59 UTC
This is an errata item for
	4.2.3:	wu-ftp-2.5.0-0.4.2
	5.2.2:	wu-ftp-2.5.0-0.5.2
	6.0.4:	wu-ftp-2.5.0-2	(no exploit but other problems)

All systems need the following commands verified
	cd ~user	<= tilde expansion was busted
	ls foo*		<= globbing was busted
Pay close attention to ftpwho on non Red Hat 6.0 systems. It might
be broke ...

Comment 4 Jeff Johnson 1999-06-08 12:57:59 UTC
This is an errata item for
	4.2.3:	wu-ftp-2.5.0-0.4.2
	5.2.2:	wu-ftp-2.5.0-0.5.2
	6.0.4:	wu-ftp-2.5.0-2	(no exploit but other problems)

All systems need the following commands verified
	cd ~user	<= tilde expansion was busted
	ls foo*		<= globbing was busted
Pay close attention to ftpwho on non Red Hat 6.0 systems. It might
be broke ...

Comment 5 Derek Tattersall 1999-06-08 14:35:59 UTC
tested all arch, 4.2, 5.2, 6.0 8 JUN 1999


Note You need to log in before you can comment on or make changes to this bug.