On Mon, Dec 03, 2001 at 07:32:38AM -0600, Mary Ayala wrote:
> Anyone familiar with this vulnerability? Are the patches finally
> ready? Do I even need to worry?

Yes, you should worry. It's a root exploit under special circumstances:

1. You compiled wu-ftpd with debugging support (for gdb) CFLAGS=-g
1.1. You are running an old version of 2.6.0 or 2.6.1
1.2. You are running Red Hat's incorrectly versioned 2.7.0 prerelease as 2.6.1-xx

Note, you must have compiled it with gdb support, or loaded an rpm/package as such.

Quick fix:

bash# strip /usr/bin/wu-ftpd

This strips the gdb symbols out of the binary. Other things to do would include disabling anonymous ftp access until you get the patch. Check the wu-ftpd site for raw patches, or consult your favorite distro for the latest packages.

Note, Debian backports bugfixes and exploits to the stable branch, potato. They very rarely upgrade to a new version of the software, which will often introduce more bugs than that which is being fixed. Debian's 2.6.1 in woody is NOT vulnerable. The old 2.6.0 in potato was. Make sure you include the security updates in your sources.list.

-- 
Chad Walstrom <chewie at wookimus.net> | a.k.a. ^chewie
http://www.wookimus.net/ | s.k.a. gunnarr
Get my public key, ICQ#, etc. $(mailx -s 'get info' chewie at wookimus.net)
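A way to verify the condition the post describes before (and after) running strip, that is, whether an installed binary still carries gdb debug info and a symbol table; this is an added example, not code from the original post or from the wu-ftpd project. It parses the ELF64 section header table directly, so it works on any little-endian ELF64 file given as a path; the `make_elf` helper and the function names are assumptions of this example, and the image it builds is constructed for demonstration only.

```python
import struct

SH_ENTRY = struct.Struct("<IIQQQQIIQQ")  # Elf64_Shdr, little-endian, 64 bytes

def elf_section_names(data: bytes) -> list:
    """Return the section names of a little-endian ELF64 image."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not a little-endian ELF64 file")
    # e_shoff at offset 40 (Q); e_shentsize, e_shnum, e_shstrndx at 58/60/62 (H each)
    shoff = struct.unpack_from("<Q", data, 40)[0]
    shentsize, shnum, shstrndx = struct.unpack_from("<HHH", data, 58)
    headers = [SH_ENTRY.unpack_from(data, shoff + i * shentsize) for i in range(shnum)]
    # sh_offset (index 4) and sh_size (index 5) of .shstrtab locate the name string table
    str_off, str_size = headers[shstrndx][4], headers[shstrndx][5]
    strtab = data[str_off:str_off + str_size]
    return [strtab[h[0]:strtab.index(b"\0", h[0])].decode() for h in headers]

def debug_status(data: bytes) -> dict:
    """Report whether the image carries gdb debug info (.debug_*) or a .symtab."""
    names = elf_section_names(data)
    return {
        "has_debug_info": any(n.startswith(".debug") for n in names),
        "stripped": ".symtab" not in names,  # same meaning as file(1)'s "stripped"
    }

def make_elf(section_names) -> bytes:
    """Build a constructed, minimal ELF64 image with the given sections (demo only)."""
    names = ["", ".shstrtab"] + list(section_names)
    strtab = b"".join(n.encode() + b"\0" for n in names)
    shoff = 64 + len(strtab)  # section headers follow the ELF header and string table
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)  # ELFCLASS64, ELFDATA2LSB, EV_CURRENT
    hdr = ident + struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 0, shoff, 0, 64, 0, 0, 64, len(names), 1)
    shdrs, name_off = b"", 0
    for n in names:
        stype = {"": 0, ".shstrtab": 3}.get(n, 1)  # SHT_NULL, SHT_STRTAB, else SHT_PROGBITS
        off, size = (64, len(strtab)) if n == ".shstrtab" else (0, 0)
        shdrs += SH_ENTRY.pack(name_off, stype, 0, 0, off, size, 0, 0, 1, 0)
        name_off += len(n) + 1
    return hdr + strtab + shdrs

if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    image = open(path, "rb").read() if path else make_elf([".text", ".symtab", ".debug_info"])
    print(debug_status(image))
```

Run it with the path of the ftpd binary as its argument; `has_debug_info` should be False and `stripped` True after the strip command from the post.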