|
|
Info |
Last Modified |
| 7 months ago |
|
|
|
|
Description |
WU-FTPD contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the restricted-gid feature is used. A malicious user can change the permissions on their home directory to deny themselves access. A subsequent connection by that user will exploit the flaw, and put them into the home directory of the root user, which will disclose files that an ordinary user would not have access to resulting in a loss of confidentiality.
|
|
Classification |
Location:
Remote/Network Access Required
Attack Type:
Information Disclosure
Impact:
Loss of Confidentiality
Exploit:
Exploit Available
Disclosure:
OSVDB Verified
|
|
Technical |
The following is the patch that Red Hat has applied. It should work for all platforms:
--- wu-ftpd/src/ftpd.c.escape 2001-05-17 20:36:44.000000000 +0200
+++ wu-ftpd/src/ftpd.c 2004-03-01 11:56:17.541416616 +0100
@@ -3365,7 +3365,7 @@
}
#endif /* ALT_HOMEDIR */
#else /* DISABLE_STRICT_HOMEDIR is defined */
- if (chdir("/") < 0) {
+ if (restricted_user || chdir("/") < 0) {
#ifdef VERBOSE_ERROR_LOGING
syslog(LOG_NOTICE, "FTP LOGIN FAILED (cannot chdir) for %s, %s",
remoteident, pw->pw_name);
|
|
Solution |
Upgrade to version 2.6.2-13 (Available on some Linux distributions) or higher, as it has been reported to fix this vulnerability. In addition, WU-FTPD Development Group has released a patch for some older versions of the main distribution.
|
|
Products |
|
wu-ftpd
 |
2.5.0 |
2.6.1 |
2.6.2 |
2.6.0 |
|
|
|
|
|
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
