Debian update for WU-FTPD - Secunia Advisories - Vulnerability Intelligence

Debian update for WU-FTPD
Secunia Advisory:	SA9676	Advisory Toolbox: Issue ticket Save in to-do list Mark as handled Exploit information Download as PDF Review actions Add comment
Release Date:	2003-09-05
Popularity:	7,169 views

Critical:	Highly critical
Impact:	System access
Where:	From remote
Solution Status:	Vendor Patch

OS:	Debian GNU/Linux 3.0 Debian GNU/Linux unstable alias sid

Subscribe:	Instant alerts on relevant vulnerabilities

CVE reference:	CVE-1999-0997

Description: Debian has issued updated packages for WU-FTPD. These fix an old vulnerability, which can be exploited by malicious users to execute arbitrary commands on a vulnerable system. The vulnerability is caused due to an input validation error when FTP conversion is enabled. This can be exploited to execute arbitrary commands via a specially crafted file name, which is interpreted as command line arguments to the conversion program (eg. tar). Successful exploitation requires that the malicious person has been authenticated by the FTP server. Solution: Updated packages: -- Debian GNU/Linux 3.0 alias woody -- Source archives: http://security.debian.org/pool/updates/main/w/WU-FTPD/WU-FTPD_2.6.2-3woody2.dsc Size/MD5 checksum: 607 b557af23920403ce4be64670a873a1dd http://security.debian.org/pool/updat...WU-FTPD/WU-FTPD_2.6.2-3woody2.diff.gz Size/MD5 checksum: 100389 c2e481768ed3a0d97a110bc3cd4aefa2 http://security.debian.org/pool/updates/main/w/WU-FTPD/WU-FTPD_2.6.2.orig.tar.gz Size/MD5 checksum: 354784 b3c271f02aadf663b8811d1bff9da3f6 Architecture independent components: http://security.debian.org/pool/updat.../WU-FTPD-academ_2.6.2-3woody2_all.deb Size/MD5 checksum: 3474 ae0a727f52cf8f1488222ce2b414a29a Alpha architecture: http://security.debian.org/pool/updat...-FTPD/WU-FTPD_2.6.2-3woody2_alpha.deb Size/MD5 checksum: 291710 d9725bc2a271f151fc42605edd6394c6 ARM architecture: http://security.debian.org/pool/updat...WU-FTPD/WU-FTPD_2.6.2-3woody2_arm.deb Size/MD5 checksum: 265366 d435ee1977a93705462528b23b8c9550 Intel IA-32 architecture: http://security.debian.org/pool/updat...U-FTPD/WU-FTPD_2.6.2-3woody2_i386.deb Size/MD5 checksum: 257060 ed807ebe3275f76a13eed4fbb2d8a7fa Intel IA-64 architecture: http://security.debian.org/pool/updat...U-FTPD/WU-FTPD_2.6.2-3woody2_ia64.deb Size/MD5 checksum: 321256 beaa9b061436052fddf3f47e2932360a HP Precision architecture: http://security.debian.org/pool/updat...U-FTPD/WU-FTPD_2.6.2-3woody2_hppa.deb Size/MD5 checksum: 275896 c1bea3e7f0cdbab6c7240d5b08b4b9d1 Motorola 680x0 architecture: http://security.debian.org/pool/updat...U-FTPD/WU-FTPD_2.6.2-3woody2_m68k.deb Size/MD5 checksum: 249368 32f06b3bbe19265f749670950691c7ff Big endian MIPS architecture: http://security.debian.org/pool/updat...U-FTPD/WU-FTPD_2.6.2-3woody2_mips.deb Size/MD5 checksum: 272978 1ec11e5a9b53925b02fb7cfbbc3df56b Little endian MIPS architecture: http://security.debian.org/pool/updat...FTPD/WU-FTPD_2.6.2-3woody2_mipsel.deb Size/MD5 checksum: 273058 37140e512eaa62cfa0b99b9983e89b6f PowerPC architecture: http://security.debian.org/pool/updat...TPD/WU-FTPD_2.6.2-3woody2_powerpc.deb Size/MD5 checksum: 268354 4da902291bc8bb6c5c652dfd9f7ba729 IBM S/390 architecture: http://security.debian.org/pool/updat...U-FTPD/WU-FTPD_2.6.2-3woody2_s390.deb Size/MD5 checksum: 263100 a89f0be201d65cff953bc496a6391af4 Sun Sparc architecture: http://security.debian.org/pool/updat...-FTPD/WU-FTPD_2.6.2-3woody2_sparc.deb Size/MD5 checksum: 270448 088bb0a66ee5b74ec59baff506a2be2a -- Debian GNU/Linux unstable alias sid -- This will reportedly be fixed soon. Original Advisory: http://www.debian.org/security/2003/dsa-377

Track this Secunia Advisory
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released. Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.

About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise. Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

Latest Advisories

2nd Dec, 2008

New advisories:	14
New vulnerabilities:	21
Updated advisories:	26

Less // 401 views

Linksys WRT160N Cross-Site Scripting Vulnerability

Less // 384 views

IBM Rational ClearQuest Multiple Vulnerabilities

Not // 307 views

Debian update for flamethrower

Not // 296 views

flamethrower Insecure Temporary Files

Less // 355 views

IBM Rational ClearCase Cross-Site Scripting Vulnerability

Not // 344 views

DAHDI "ZT_SPANCONFIG" IOCTL Privilege Escalation Vulnerability

Not // 338 views

Zaptel "ZT_SPANCONFIG" IOCTL Privilege Escalation Vulnerabilities

Moderately // 325 views

Rumpus Multiple Vulnerabilities

Less // 343 views

bcoos "cid" SQL Injection Vulnerability

Moderately // 358 views

ASP Portal "ASPPortal.mdb" Database Disclosure Security Issue

Solutions | More...

Send Feedback to Secunia
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com. Ideas, suggestions, and other feedback are most welcome.