by Craig Shrimpt » Sat, 26 Aug 1995 04:00:00
I see that the new Slackware source still has _PATH_EXECPATH still
pointing to /bin. What was the final verdict concerning the security
issues there? I have read some conflicting news on wether or not
re-defining the EXECPATH to some other "bogus" directory or if more
hacking is needed in the code. There was one article that claimed
changes were needed to the src/popen.c file. Anyone know the scoop?
Thanks,
-Craig
1. InfoMagic Mar95 wu.ftpd security hole fix.
This problem exist in several Slackware releases!
The "wu-ftpd-2.4.diff.gz" patch-file produces a vulnerable "wu.ftpd"
which allows anyone with an account on the machine to become root user.
Solutions range from simple, disable "wu.ftpd"; to easy, recompile.
The appended script, "wu-ftpd.sh", will accomplish the latter.
=========================================================================
Instructions, *as root*, for InfoMagic's March 1995 4CD-set, assuming
Disc 1 is mounted on "/cdrom". The initial "cd" is to "/usr/src",
where the build will occur.
Cut on '-' lines & save as wu-ftpd.sh; "chmod 700 wu-ftpd.sh"; "wu-ftpd.sh".
----------------------------wu-ftpd.sh-----------------------------------
# wu-ftpd.sh (1), created 3JUN95 by Louis J. LaBash, Jr.
# For InfoMagic's March 1995 4CD-set, Disc 1 mounted on "/cdrom";
# build will occur in "/usr/src/wu-ftpd-2.4".
# Change in src/pathnames.h: (fixes security hole)
# #define _PATH_EXECPATH from "/bin" to "/bin/ftp-exec"
# References:
# ftp://ftp.auscert.org.au/pub/auscert/advisory/
# AA-94.01.ftpd.Configuration.Advice -18APR94-
# AA-95.04.wu-ftpd.misconfiguration.vulnerability -02JUN95-
# wu-ftpd-2.4/INSTALL -01APR94-
# /cdrom/Slackware_Source/n/tcpip/SlackBuild -02MAR95-
cd /usr/src
rm -rf wu-ftpd-2.4
tar xvzf /cdrom/Slackware_Source/n/tcpip/wu-ftpd-2.4.tar.gz
cd wu-ftpd-2.4
zcat /cdrom/Slackware_Source/n/tcpip/wu-ftpd-2.4.diff.gz | patch
mv src/pathnames.h src/pathnames.h-slack
sed -e 's/_PATH_EXECPATH.*"\/bin"/_PATH_EXECPATH "\/bin\/ftp-exec"/' \
src/pathnames.h-slack >src/pathnames.h
build lnx
mv /usr/sbin/wu.ftpd /usr/sbin/wu.ftpd-slack
install -m 755 -g bin -o root -s bin/ftpd /usr/sbin/wu.ftpd
echo '*** Restart inetd process, or reboot! ***'
----------------------------wu-ftpd.sh-----------------------------------
Hope this is of some utility.
--
2. Install of Solaris 7 on Sparc 20
3. wu-ftpd - WITH Security fixes - Binaries wanted
5. InfoMagic Mar95 wu.ftpd security hole fix.
6. PPPD log in help - SCRIPTS?
7. wu-ftpd - WITH Security fixes - Binaries wanted
9. WU-Ftpd Security Help Needed?
10. wu-ftpd fixed -- now ls not working
11. WU-FTPD 2.6 Security Problem
12. SECURITY: problem with some wu-ftpd-2.4 binaries