This site is deprecated. Please
CLICK HERE for latest updates
Short Name |
FTP:WU-FTP:OFFBYONE-BOF
|
Severity |
Major
|
Recommended |
No
|
Category |
FTP
|
Keywords |
WU-FTPD Off-by-One Buffer Overflow
|
Release Date |
2003/04/22
|
Update Number |
1213
|
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
|
FTP: WU-FTPD Off-by-One Buffer Overflow
This signature detects attempts to exploit a known vulnerability in WU-FTPD. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the targeted application.
Extended Description
The 'realpath()' function is a C-library procedure to resolve the canonical, absolute pathname of a file based on a path that may contain values such as '/', './', '../', or symbolic links. A vulnerability that was reported to affect the implementation of 'realpath()' in WU-FTPD has lead to the discovery that at least one implementation of the C library is also vulnerable. FreeBSD has announced that the off-by-one stack- buffer-overflow vulnerability is present in their libc. Other systems are also likely vulnerable.
Reportedly, this vulnerability has been successfully exploited against WU-FTPD to execute arbitrary instructions.
NOTE: Patching the C library alone may not remove all instances of this vulnerability. Statically linked programs may need to be rebuilt with a patched version of the C library. Also, some applications may implement their own version of 'realpath()'. These applications would require their own patches. FreeBSD has published a large list of applications that use 'realpath()'. Administrators of FreeBSD and other systems are urged to review it. For more information, see the advisory 'FreeBSD-SA-03:08.realpath'.
Affected Products
- Apple mac_os_x 10.2.6
- Apple mac_os_x_server 10.2.6
- Freebsd freebsd 3.5.1 -Stablepre2001-07-20
- Freebsd freebsd 4.0.0
- Freebsd freebsd 4.0.0 Alpha
- Freebsd freebsd 4.0.0 .X
- Freebsd freebsd 4.1.0
- Freebsd freebsd 4.1.1
- Freebsd freebsd 4.1.1 -RELEASE
- Freebsd freebsd 4.1.1 -STABLE
- Freebsd freebsd 4.2.0
- Freebsd freebsd 4.2.0 -RELEASE
- Freebsd freebsd 4.2.0 -STABLE
- Freebsd freebsd 4.2.0 -Stablepre050201
- Freebsd freebsd 4.2.0 -Stablepre122300
- Freebsd freebsd 4.3.0
- Freebsd freebsd 4.3.0 -RELEASE
- Freebsd freebsd 4.3.0 -RELENG
- Freebsd freebsd 4.3.0 -STABLE
- Freebsd freebsd 4.4.0
- Freebsd freebsd 4.4.0 -RELENG
- Freebsd freebsd 4.4.0 -STABLE
- Freebsd freebsd 4.5.0
- Freebsd freebsd 4.5.0 -RELEASE
- Freebsd freebsd 4.5.0 -STABLE
- Freebsd freebsd 4.5.0 -Stablepre2002-03-07
- Freebsd freebsd 4.6.0
- Freebsd freebsd 4.6.0 -RELEASE
- Freebsd freebsd 4.6.0 -STABLE
- Freebsd freebsd 4.6.2
- Freebsd freebsd 4.7.0
- Freebsd freebsd 4.7.0 -RELEASE
- Freebsd freebsd 4.7.0 -STABLE
- Freebsd freebsd 4.8.0
- Freebsd freebsd 4.8.0 -PRERELEASE
- Freebsd freebsd 5.0.0
- Freebsd freebsd 5.0.0 Alpha
- Hp hp-ux 11.0.0
- Hp hp-ux 11.11.0
- Hp hp-ux 11.22.0
- Netbsd netbsd 1.5.0
- Netbsd netbsd 1.5.1
- Netbsd netbsd 1.5.2
- Netbsd netbsd 1.5.3
- Netbsd netbsd 1.6.0
- Netbsd netbsd 1.6.1
- Openbsd openbsd 2.0.0
- Openbsd openbsd 2.1.0
- Openbsd openbsd 2.2.0
- Openbsd openbsd 2.3.0
- Openbsd openbsd 2.4.0
- Openbsd openbsd 2.5.0
- Openbsd openbsd 2.6.0
- Openbsd openbsd 2.7.0
- Openbsd openbsd 2.8.0
- Openbsd openbsd 2.9.0
- Openbsd openbsd 3.0
- Openbsd openbsd 3.1
- Openbsd openbsd 3.2
- Openbsd openbsd 3.3
- Red_hat wu-ftpd-2.6.1-16.i386.rpm
- Red_hat wu-ftpd-2.6.1-16.ppc.rpm
- Red_hat wu-ftpd-2.6.1-18.i386.rpm
- Red_hat wu-ftpd-2.6.1-18.ia64.rpm
- Red_hat wu-ftpd-2.6.2-5.i386.rpm
- Red_hat wu-ftpd-2.6.2-8.i386.rpm
- Ssh_communications_security ssh2 3.2.9.1
- Sun solaris 9 Sparc
- Sun solaris 9 X86
- Washington_university wu-ftpd 2.5.0 .0
- Washington_university wu-ftpd 2.6.0 .0
- Washington_university wu-ftpd 2.6.1
- Washington_university wu-ftpd 2.6.2
References