What was the final fix for wu.ftpd security?

What was the final fix for wu.ftpd security?

Post by Craig Shrimpt » Sat, 26 Aug 1995 04:00:00


I see that the new Slackware source still has _PATH_EXECPATH still
pointing to /bin.  What was the final verdict concerning the security
issues there?  I have read some conflicting news on wether or not
re-defining the EXECPATH to some other "bogus" directory or if more
hacking is needed in the code.  There was one article that claimed
changes were needed to the src/popen.c file.  Anyone know the scoop?




1. InfoMagic Mar95 wu.ftpd security hole fix.

This problem exist in several Slackware releases!

The "wu-ftpd-2.4.diff.gz" patch-file produces a vulnerable "wu.ftpd"
which allows anyone with an account on the machine to become root user.
Solutions range from simple, disable "wu.ftpd"; to easy, recompile.
The appended script, "wu-ftpd.sh", will accomplish the latter.

Instructions, *as root*, for InfoMagic's March 1995 4CD-set, assuming
Disc 1 is mounted on "/cdrom".  The initial "cd" is to "/usr/src",
where the build will occur.

Cut on '-' lines & save as wu-ftpd.sh; "chmod 700 wu-ftpd.sh"; "wu-ftpd.sh".
# wu-ftpd.sh (1), created 3JUN95 by Louis J. LaBash, Jr.
# For InfoMagic's March 1995 4CD-set, Disc 1 mounted on "/cdrom";
#     build will occur in "/usr/src/wu-ftpd-2.4".
# Change in src/pathnames.h: (fixes security hole)
#     #define _PATH_EXECPATH from "/bin" to "/bin/ftp-exec"
# References:
#     ftp://ftp.auscert.org.au/pub/auscert/advisory/
#         AA-94.01.ftpd.Configuration.Advice              -18APR94-
#         AA-95.04.wu-ftpd.misconfiguration.vulnerability -02JUN95-
#     wu-ftpd-2.4/INSTALL                                 -01APR94-
#     /cdrom/Slackware_Source/n/tcpip/SlackBuild          -02MAR95-

cd /usr/src
rm -rf wu-ftpd-2.4
tar xvzf /cdrom/Slackware_Source/n/tcpip/wu-ftpd-2.4.tar.gz
cd wu-ftpd-2.4
zcat /cdrom/Slackware_Source/n/tcpip/wu-ftpd-2.4.diff.gz | patch

mv src/pathnames.h src/pathnames.h-slack
sed -e 's/_PATH_EXECPATH.*"\/bin"/_PATH_EXECPATH  "\/bin\/ftp-exec"/' \
src/pathnames.h-slack >src/pathnames.h

build lnx
mv /usr/sbin/wu.ftpd /usr/sbin/wu.ftpd-slack
install -m 755 -g bin -o root -s bin/ftpd  /usr/sbin/wu.ftpd
echo '*** Restart inetd process, or reboot! ***'


Hope this is of some utility.

2. Install of Solaris 7 on Sparc 20

3. wu-ftpd - WITH Security fixes - Binaries wanted

4. segmentation faults ????

5. InfoMagic Mar95 wu.ftpd security hole fix.

6. PPPD log in help - SCRIPTS?

7. wu-ftpd - WITH Security fixes - Binaries wanted

8. xfree 3 and 4?

9. WU-Ftpd Security Help Needed?

10. wu-ftpd fixed -- now ls not working

11. WU-FTPD 2.6 Security Problem

12. SECURITY: problem with some wu-ftpd-2.4 binaries

13. wu-ftpd-2.4-fixed problem