Security Advisory: remote root exploit (SITE EXEC) fixed

Advisory: RHSA-2000:039-02
Type: Security Advisory
Severity: N/A
Issued on: 2000-06-23
Last updated on: 2001-02-25
Affected Products: Red Hat Linux 6.2
OVAL: N/A
CVEs (cve.mitre.org): CVE-2000-0573

Details

A security bug in wu-ftpd can permit remote users, even without
an account, to gain root access.
The new version closes the hole.

An exploitable buffer overrun existed in wu-ftpd's status update code.
It was fixed by adding bounds checking, passing the status strings through %s.
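
The fix pattern described above, as an added example that is not wu-ftpd's code or Red Hat's patch: a status string used as the format itself, next to the same string passed as data through a constant %s with a bounded write. The function names, the 32-byte buffer and the sample strings are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define STATUS_MAX 32                 /* assumed status buffer size */
static char status_buf[STATUS_MAX];

/* gcc and clang flag the call in status_as_format (-Wformat-security);
 * the warning is silenced here only so the contrast compiles cleanly. */
#pragma GCC diagnostic ignored "-Wformat-security"

/* "Before" pattern: the client-influenced text is the format string, so
 * every '%' in it is parsed as a conversion. Kept bounded so the demo is
 * well defined; it is only ever given "%%" below. */
const char *status_as_format(const char *text)
{
    snprintf(status_buf, sizeof status_buf, text);
    return status_buf;
}

/* Fixed pattern: constant "%s" format, text is data only, and the write is
 * bounded by the buffer size. *truncated is set when text did not fit. */
const char *status_as_data(const char *text, int *truncated)
{
    int want = snprintf(status_buf, sizeof status_buf, "%s", text);
    if (truncated)
        *truncated = (want < 0 || (size_t)want >= sizeof status_buf);
    return status_buf;
}

/* Convenience wrapper for callers that only need the truncation flag. */
int status_truncated(const char *text)
{
    int t = 0;
    status_as_data(text, &t);
    return t;
}

int main(void)
{
    const char *probe = "50%% sent";   /* constructed input */
    const char *longer = "RETR a-path-longer-than-the-status-buffer.tar";

    printf("as format: [%s]\n", status_as_format(probe));
    printf("as data:   [%s]\n", status_as_data(probe, NULL));
    printf("truncated: %d [%s]\n", status_truncated(longer), status_buf);
    return 0;
}
```

The first call rewrites the text because its percent signs are interpreted, while the %s version stores it unchanged and reports when an over-long string was cut to fit the buffer.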


Solution

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

Updated packages

Red Hat Linux 6.2

alpha:
ftp://updates.redhat.com/6.2/alpha/wu-ftpd-2.6.0-14.6x.alpha.rpm
    fafe870fc91762dd7e9182df3b4dfee5
 
i386:
ftp://updates.redhat.com/6.2/i386/wu-ftpd-2.6.0-14.6x.i386.rpm
    50c11f333641277ab75e6207bffb13b4
 
sparc:
ftp://updates.redhat.com/6.2/sparc/wu-ftpd-2.6.0-14.6x.sparc.rpm
    8abba6ffa660d1c221581855630ed40d
 


Keywords

overrun


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/