Turbolinux Local Security Tests : Turbolinux TLSA-2004-8 (wu-ftpd)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.52881

Categoría: Turbolinux Local Security Tests

Título: Turbolinux TLSA-2004-8 (wu-ftpd)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to wu-ftpd
announced via advisory TLSA-2004-8.

Wu-ftpd is the daemon (background) program which serves FTP files to ftp clients.

- wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled,
allows local users to bypass access restrictions by changing the permissions
to prevent access to their home directory, which causes wu-ftpd to use the root directory instead.
- Buffer overflow in the skey_challenge function in ftpd.c for wu-ftp daemon (wu-ftpd) 2.6.2
allows remote attackers to cause a denial of service and possibly execute arbitrary code
via a s/key (SKEY) request with a long name.

The ftp users may be able to read the file which cannot be read.
The vulnerabilities allow an attacker can cause to denial of service of the wu-ftpd.

Solution: Please use the turbopkg (zabom) tool to apply the update.
https://secure1.securityspace.com/smysecure/catid.html?in=TLSA-2004-8

Risk factor : Critical

CVSS Score:
10.0

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2004-0185
BugTraq ID: 8893
http://www.securityfocus.com/bid/8893
Debian Security Information: DSA-457 (Google Search)
http://www.debian.org/security/2004/dsa-457
http://unixpunx.org/txt/exploits_archive/packetstorm/0310-advisories/wuftpd-skey.txt
http://www.securiteam.com/unixfocus/6X00Q1P8KC.html
http://www.redhat.com/support/errata/RHSA-2004-096.html
XForce ISS Database: wuftpd-skey-bo(13518)
https://exchange.xforce.ibmcloud.com/vulnerabilities/13518
Common Vulnerability Exposure (CVE) ID: CVE-2004-0148
BugTraq ID: 9832
http://www.securityfocus.com/bid/9832
http://www.frsirt.com/english/advisories/2006/1867
HPdes Security Advisory: SSRT4704
http://marc.info/?l=bugtraq&m=108999466902690&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1147
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1636
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1637
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A648
SCO Security Bulletin: SCOSA-2005.6
http://secunia.com/advisories/11055
http://secunia.com/advisories/20168
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102356-1
XForce ISS Database: wuftpd-restrictedgid-gain-access(15423)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15423

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.52881
Categoría:	Turbolinux Local Security Tests
Título:	Turbolinux TLSA-2004-8 (wu-ftpd)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to wu-ftpd announced via advisory TLSA-2004-8. Wu-ftpd is the daemon (background) program which serves FTP files to ftp clients. - wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead. - Buffer overflow in the skey_challenge function in ftpd.c for wu-ftp daemon (wu-ftpd) 2.6.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a s/key (SKEY) request with a long name. The ftp users may be able to read the file which cannot be read. The vulnerabilities allow an attacker can cause to denial of service of the wu-ftpd. Solution: Please use the turbopkg (zabom) tool to apply the update. https://secure1.securityspace.com/smysecure/catid.html?in=TLSA-2004-8 Risk factor : Critical CVSS Score: 10.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0185 BugTraq ID: 8893 http://www.securityfocus.com/bid/8893 Debian Security Information: DSA-457 (Google Search) http://www.debian.org/security/2004/dsa-457 http://unixpunx.org/txt/exploits_archive/packetstorm/0310-advisories/wuftpd-skey.txt http://www.securiteam.com/unixfocus/6X00Q1P8KC.html http://www.redhat.com/support/errata/RHSA-2004-096.html XForce ISS Database: wuftpd-skey-bo(13518) https://exchange.xforce.ibmcloud.com/vulnerabilities/13518 Common Vulnerability Exposure (CVE) ID: CVE-2004-0148 BugTraq ID: 9832 http://www.securityfocus.com/bid/9832 http://www.frsirt.com/english/advisories/2006/1867 HPdes Security Advisory: SSRT4704 http://marc.info/?l=bugtraq&m=108999466902690&w=2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1147 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1636 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1637 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A648 SCO Security Bulletin: SCOSA-2005.6 http://secunia.com/advisories/11055 http://secunia.com/advisories/20168 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102356-1 XForce ISS Database: wuftpd-restrictedgid-gain-access(15423) https://exchange.xforce.ibmcloud.com/vulnerabilities/15423
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com