Fedora Legacy Test Update Notification: wu-ftpd

Jesse Keating jkeating at j2solutions.net
Mon May 31 21:40:00 UTC 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Fedora Test Update Notification
FEDORA-2004-1376
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=1376
2004-05-31
- ---------------------------------------------------------------------
 
Name            : wu-ftpd
Version 7.3     : 2.6.2-14.legacy.7x
Summary         : An FTP daemon provided by Washington University.
Description :
The wu-ftpd package contains the wu-ftpd FTP (File Transfer Protocol)
server daemon. The FTP protocol is a method of transferring files
between machines on a network and/or over the Internet. Wu-ftpd's
features include logging of transfers, logging of commands, on the fly
compression and archiving, classification of users' type and location,
per class limits, per directory upload permissions, restricted guest
accounts, system wide and per directory messages, directory alias,
cdpath, filename filter, and virtual host support.
 
- ---------------------------------------------------------------------
Update Information:
 
CAN-1999-0997:
wu-ftp with FTP conversion enabled allows an attacker to execute commands 
via a malformed file name that is interpreted as an argument to the 
program that does the conversion, e.g. tar or uncompress.

CAN-2004-0148:
wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows 
local users to bypass access restrictions by changing the permissions to 
prevent access to their home directory, which causes wu-ftpd to use the 
root directory instead.

CAN-2004-0185:
Buffer overflow in the skey_challenge function in ftpd.c for wu-ftp daemon 
(wu-ftpd) 2.6.2 allows remote attackers to cause a denial of service and 
possibly execute arbitrary code via a s/key (SKEY) request with a long 
name.

- ---------------------------------------------------------------------
Changelog:
 
7.3:

* Mon May 31 2004 Jesse Keating <jkeating at j2solutions.net> 2.6.2-14.legacy.7x
 
- - Added byacc to buildreqs
 
* Sat May 22 2004 Marc Deslauriers <marcdeslauriers at videotron.ca> 2.6.2-13.legacy.7x
 
- - bugfix release CAN-1999-0997 ftp conversions
- - CAN-2004-0148 escape from home
- - CAN-2004-0185 skeychallenge

- ---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/redhat/
 
4fafbba3bd2a5522d5ad39ad4a1ae742751628d5  7.3/updates-testing/SRPMS/wu-ftpd-2.6.2-14.legacy.7x.src.rpm
8005185d531ffc61f6b749b7a49b4875fbd49e33  7.3/updates-testing/i386/wu-ftpd-2.6.2-14.legacy.7x.i386.rpm
 
Please note that this update is also available via yum and apt through the 
updates-testing channel.  Many people find this an easier way to apply 
updates.

- ---------------------------------------------------------------------
- -- 
Jesse Keating RHCE	(http://geek.j2solutions.net)
Fedora Legacy Team	(http://www.fedoralegacy.org)
GPG Public Key		(http://geek.j2solutions.net/jkeating.j2solutions.pub)

Was I helpful?  Let others know:
 http://svcs.affero.net/rm.php?r=jkeating
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAu6Yw4v2HLvE71NURAi6RAJ9j5KaQuouyXBv46IV/W0fbAwW+jwCgs7Jz
c53WqsP/T6x8jARsyNTXXGQ=
=Hw8Y
-----END PGP SIGNATURE-----
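
An added example, not part of the original notification or of Fedora Legacy's tooling: a shell sketch that pulls the SHA-1 sums out of a saved copy of an advisory like this one and checks downloaded packages against them. It accepts both the one-line `hash  path` form and the form in which mail wrapping has put the hash and the path on consecutive lines. The function names and the local mirror directory argument are assumptions, and it relies on GNU `sha1sum`.

```shell
#!/bin/sh
# Added example: verify downloaded packages against the SHA-1 sums listed in
# a saved advisory. Function names and directory layout are hypothetical.

# extract_sums ADVISORY
# Prints "hash  path" lines in the format that `sha1sum -c` expects.
extract_sums() {
    awk '
        function ishash(s) { return length(s) == 40 && s !~ /[^0-9a-f]/ }
        { sub(/\r$/, "") }                     # tolerate CRLF mail archives
        # A lone hash on the previous line followed by a lone path: join them.
        pending != "" && NF == 1 && !ishash($1) {
            print pending "  " $1; pending = ""; next
        }
        { pending = "" }                       # anything else breaks the pair
        ishash($1) && NF == 2 { print $1 "  " $2; next }
        ishash($1) && NF == 1 { pending = $1 } # wait for the path line
    ' "$1"
}

# verify_advisory ADVISORY BASEDIR
# BASEDIR is the local directory that mirrors the download root, so the
# relative paths from the advisory resolve beneath it.
# Returns 0 only if every listed file exists and matches; 2 if the advisory
# contains no checksums at all (treat that as a failure, not a pass).
verify_advisory() {
    va_sums=$(extract_sums "$1")
    if [ -z "$va_sums" ]; then
        echo "no checksums found in $1" >&2
        return 2
    fi
    ( cd "$2" && printf '%s\n' "$va_sums" | sha1sum -c - )
}

# Stand-alone use: ./verify.sh advisory.txt /path/to/local/mirror
if [ "$#" -eq 2 ]; then
    verify_advisory "$1" "$2"
fi
```

The sums are only as trustworthy as the message that carries them, so check the advisory's PGP signature before relying on the result.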




