Subject: NetBSD Security Advisory 1999-003
To: None <netbsd-announce@netbsd.org>
From: matthew green <mrg@eterna.com.au>
List: current-users
Date: 02/16/1999 15:50:21
[ this advisory has limited distribution due to the problem already
being addressed outside of the NetBSD scope ]
-----BEGIN PGP SIGNED MESSAGE-----
NetBSD Security Advisory 1999-003
=================================
Topic: Security problems in wu-ftpd package fixed
Version: Anything before wu-ftpd-2.4.2b18.2
Severity: Remote buffer overflows in various FTP servers lead
to potential root compromise.
Abstract
========
Remote buffer overflows in various FTP servers lead to potential root
compromise.
Technical Details
=================
When processing pathnames from commands such as CWD and MKD, the FTP
server's realpath module would incorrectly copy beyond the end of its
buffer. This could happen if it was passed a length greater than
MAXPATHLEN (1024), or if the full real path (outside of ~ftp) was
greater than MAXPATHLEN. This allowed a remote attacker to compromise
the system by overwriting the program's stack with their own data,
possibly gaining root access.
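As an added illustration, not part of this advisory or of the wu-ftpd code, the C below shows the defensive pattern that addresses the class of bug described above: a client-supplied path component is joined under an ftp root into a fixed MAXPATHLEN-sized buffer, and any input whose combined length would not fit is rejected before a single byte is copied. FTP_ROOT, join_path_bounded, resolve_under_root and probe_arg_length are constructed names for this example; the ftp root "/home/ftp" is a constructed value.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifndef MAXPATHLEN
#define MAXPATHLEN 1024   /* same limit the advisory names */
#endif

/* Hypothetical anonymous-ftp root prepended to client-supplied paths
 * (constructed for this example; wu-ftpd's real layout is not assumed). */
#define FTP_ROOT "/home/ftp"

/*
 * The flawed shape the advisory describes is equivalent to copying
 * root and argument into a MAXPATHLEN buffer with no length check:
 *
 *     char resolved[MAXPATHLEN];
 *     strcpy(resolved, root);        -- no bound
 *     strcat(resolved, "/");
 *     strcat(resolved, arg);         -- overruns when the total > 1024
 *
 * An argument longer than MAXPATHLEN, or a root long enough that
 * root + arg exceeds it, writes past the end of 'resolved'.
 */

/* Bounded replacement: returns 0 on success, -1 if any input or the
 * combined "root/arg" (plus NUL) would not fit in out[outlen]. */
int join_path_bounded(char *out, size_t outlen, const char *root, const char *arg)
{
    const char *rend, *aend;
    size_t rootlen, arglen, need;

    if (out == NULL || outlen == 0 || root == NULL || arg == NULL)
        return -1;

    /* Locate the terminators without reading more than outlen bytes of
     * either input, so an unterminated argument cannot be over-read. */
    rend = memchr(root, '\0', outlen);
    aend = memchr(arg, '\0', outlen);
    if (rend == NULL || aend == NULL)
        return -1;
    rootlen = (size_t)(rend - root);
    arglen = (size_t)(aend - arg);

    /* root + "/" + arg + NUL must fit; refuse rather than truncate. */
    need = rootlen + 1 + arglen + 1;
    if (need > outlen)
        return -1;

    memcpy(out, root, rootlen);
    out[rootlen] = '/';
    memcpy(out + rootlen + 1, arg, arglen);
    out[rootlen + 1 + arglen] = '\0';
    return 0;
}

/* Resolve a client argument under FTP_ROOT into a MAXPATHLEN buffer.
 * Returns the resulting path length, or -1 if the path was rejected. */
int resolve_under_root(const char *arg, char *out)
{
    if (join_path_bounded(out, MAXPATHLEN, FTP_ROOT, arg) != 0)
        return -1;
    return (int)strlen(out);
}

/* Build an argument of n 'A' bytes and report what the resolver does
 * with it; -2 signals allocation failure. Used to exercise the limit. */
int probe_arg_length(size_t n)
{
    char out[MAXPATHLEN];
    char *arg = malloc(n + 1);
    int r;

    if (arg == NULL)
        return -2;
    memset(arg, 'A', n);
    arg[n] = '\0';
    r = resolve_under_root(arg, out);
    free(arg);
    return r;
}

int main(void)
{
    char out[MAXPATHLEN];

    printf("\"pub\"      -> %d\n", resolve_under_root("pub", out));
    printf("1013 bytes -> %d (largest that fits)\n", probe_arg_length(1013));
    printf("1014 bytes -> %d (rejected)\n", probe_arg_length(1014));
    printf("1124 bytes -> %d (rejected)\n", probe_arg_length(MAXPATHLEN + 100));
    return 0;
}
```

With a 9-byte root, the separator and the terminator, the longest argument that fits is 1013 bytes; anything longer is refused with -1 instead of spilling onto the stack, which is the behaviour the fixed package needs for every path that reaches realpath-style resolution.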
Solutions and Workarounds
=========================
NetBSD users should update to a pkgsrc tree newer than 19990214
and make sure the version of their wu-ftpd package is at least
wu-ftpd-2.4.2b18.2.
Binaries for NetBSD 1.3.3 and NetBSD-current are available at
ftp://ftp.netbsd.org/pub/NetBSD/packages/1.3/
ftp://ftp.netbsd.org/pub/NetBSD/packages/1.3.3/
and
ftp://ftp.netbsd.org/pub/NetBSD/packages/1.3I/
respectively.
Thanks To
=========
Thanks go to Rene Hexel <rh@idle.trapdoor.vip.at> for updating the
wu-ftpd package with appropriate patches to fix all buffer overruns
and to Hubert Feyrer <hubert.feyrer@rz.uni-regensburg.de> for
coordinating package fixing, binary package builds and the
corresponding announcements.
More Information
================
Information about NetBSD and NetBSD security can be found at
http://www.NetBSD.ORG/ and http://www.NetBSD.ORG/Security/.
Copyright 1999, The NetBSD Foundation, Inc. All Rights Reserved.
$NetBSD: NetBSD-SA1999-003.txt,v 1.1 1999/02/16 00:25:01 mrg Exp $
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv
iQCVAwUBNsj4Rj5Ru2/4N2IFAQEYXAP/e5ThDX64FG1kqJWQ68Vkp/4MPXnqx4Lj
awymoSg45lH8x/2i3KwjVjfbfSWtqq8BhzZw/xZ6RVCaci1zQEQLHfX6TcIctQcJ
wB82/tId6ImLqxnmAzPNLfSXR6foC1gBBZ1Y3w5+/BYZj8ANnrpWJq8bIxiJh2PU
LN21aJmkT/4=
=Xc5Z
-----END PGP SIGNATURE-----