ID de Prueba:	1.3.6.1.4.1.25623.1.0.50738
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2003:080 (wu-ftpd)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to wu-ftpd announced via advisory MDKSA-2003:080. A vulnerability was discovered by Janusz Niewiadomski and Wojciech Purczynski in the wu-ftpd FTP server package. They found an off-by- one bug in the fb_realpath() function which could be used by a remote attacker to obtain root privileges on the server. This bug can only be successfully accomplished by using wu-ftpd binaries compiled on Linux 2.0.x and later 2.4.x kernels because the 2.2.x and earlier 2.4.x kernels define PATH_MAX to be 4095 characters. wu-ftpd is no longer shipped with Mandrake Linux, however Mandrake Linux 8.2 did come with wu-ftpd. If you use wu-ftpd, you are encouraged to upgrade to these patched packages. Affected versions: 8.2 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2003:080 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0466 Risk factor : Critical CVSS Score: 10.0
Referencia Cruzada:	BugTraq ID: 8315 Common Vulnerability Exposure (CVE) ID: CVE-2003-0466 http://www.securityfocus.com/bid/8315 Bugtraq: 20030731 wu-ftpd fb_realpath() off-by-one bug (Google Search) http://marc.info/?l=bugtraq&m=105967301604815&w=2 Bugtraq: 20030804 Off-by-one Buffer Overflow Vulnerability in BSD libc realpath(3) (Google Search) http://marc.info/?l=bugtraq&m=106002488209129&w=2 Bugtraq: 20030804 wu-ftpd-2.6.2 off-by-one remote exploit. (Google Search) http://marc.info/?l=bugtraq&m=106001702232325&w=2 Bugtraq: 20060213 Latest wu-ftpd exploit :-s (Google Search) http://www.securityfocus.com/archive/1/424852/100/0/threaded Bugtraq: 20060214 Re: Latest wu-ftpd exploit :-s (Google Search) http://www.securityfocus.com/archive/1/425061/100/0/threaded CERT/CC vulnerability note: VU#743092 http://www.kb.cert.org/vuls/id/743092 Debian Security Information: DSA-357 (Google Search) http://www.debian.org/security/2003/dsa-357 FreeBSD Security Advisory: FreeBSD-SA-03:08 http://marc.info/?l=bugtraq&m=106001410028809&w=2 HPdes Security Advisory: SSRT3606 Immunix Linux Advisory: IMNX-2003-7+-019-01 http://download.immunix.org/ImmunixOS/7+/Updates/errata/IMNX-2003-7+-019-01 http://www.mandriva.com/security/advisories?name=MDKSA-2003:080 http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt NETBSD Security Advisory: NetBSD-SA2003-011.txt.asc ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-011.txt.asc http://www.osvdb.org/6602 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1970 http://www.redhat.com/support/errata/RHSA-2003-245.html http://www.redhat.com/support/errata/RHSA-2003-246.html SCO Security Bulletin: CSSA-2003-SCO.20 http://securitytracker.com/id?1007380 http://secunia.com/advisories/9423 http://secunia.com/advisories/9446 http://secunia.com/advisories/9447 http://secunia.com/advisories/9535 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001257.1-1 SuSE Security Announcement: SuSE-SA:2003:032 (Google Search) http://www.novell.com/linux/security/advisories/2003_032_wuftpd.html TurboLinux Advisory: TLSA-2003-46 http://www.turbolinux.com/security/TLSA-2003-46.txt http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0065.html XForce ISS Database: libc-realpath-offbyone-bo(12785) https://exchange.xforce.ibmcloud.com/vulnerabilities/12785
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.