Mailing List Info
Slackware Logo

News

Security Advisories

FAQ

Book

General Info

Get Slack

Install Help

Configuration

Packages

ChangeLogs

Propaganda

Ports

Other Sites

Support

Contact

Mailing Lists
  Archives

About

 
From: "Patrick J. Volkerding" <volkerdi@slackware.com>
To: slackware-security@slackware.com
Subject: wu.ftpd buffer overflow
Date: Mon, 30 Aug 1999 01:08:13 -0700 (PDT)
It's been a busy weekend...

A buffer overflow has been found in wu-ftpd 2.5 and prior releases, and
has been patched in slackware-4.0 and slackware-current on ftp.cdrom.com
in /pub/linux/.  Here are the details:

Slackware-4.0 ChangeLog.txt:
Sun Aug 29 19:37:43 CDT 1999
slakware/n8/tcpip1.tgz:  Upgraded to wu-ftpd-2.5.0, patched mapped path and
            other buffer overflows.  The problem fixed by this package can
            result in unauthorized root access to the machine -- it is highly
            recommended that anyone running an FTP server open to the Internet
            install this package (or the one below) as soon as is possible.
*** Alternate, minimal fix:
patches/wuftpd.tgz:  This package contains version 2.5.0 of the wu-ftpd FTP
            daemon, with buffer overflows fixed.  This package is suitable for
            use with Slackware 3.5, 3.6, 3.9, or 4.0.
----------------------------
Slackware 4.0 new package MD5 sums:
329e9eab5df6357b98d746207a938997  slakware/n8/tcpip1.tgz
61a8a59e47e4308db11524c9cafd6188  patches/wuftpd.tgz
----------------------------
Slackware-current ChangeLog.txt:
Mon Aug 30 02:07:19 CDT 1999
n1/tcpip1.tgz:  Patched wu-ftpd-2.5.0 against buffer overflows.
----------------------------
Slackware-current new package MD5 sums:
8cc8224850e45a14711b4457badcc823  n1/tcpip1.tgz
----------------------------

Take care,

Pat


Slackware® is a registered trademark of Slackware Linux, Inc. All logos and graphics are copyrighted.