wu-ftpd Security Hole

Post by John W. Templ » Mon, 18 Mar 1996 04:00:00

There is a rather serious bug in the SCO port of wu-ftpd 2.4.  The file
support/sco.c, which is used when compiling under SCO 3.2, contains an
initgroups() routine since this routine is missing under SCO.  This
routine declares an array of group IDs as an "int" rather than a
"gid_t".  Since "gid_t" is a typedef for "short" on SCO, the array of
group IDs passed to setgroups() by initgroups() is effectively
corrupted.  In my particular case, this was resulting in users logged
in under their own user IDs having unauthorized access to group 0
(root), though results would vary based on actual group membership.

The file "sco.c" is also used by the ISC port of wu-ftpd, so that OS
may also be vulnerable.

The problem is easily fixed by declaring the array "groups" as "gid_t",
recompiling, and reinstalling.

John W. Temples, III       ||       Providing the first public access Internet
Gulfnet Kuwait             ||            site in the Arabian Gulf region
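
The type mismatch described in the post above, as an added example that is not part of the original post or of the wu-ftpd source. It assumes a 32-bit int and models SCO's gid_t as a 16-bit type named sco_gid_t; the function names and the group IDs 100 and 50 are constructed for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumptions for this demo: SCO's gid_t modeled as a 16-bit short,
 * int modeled as 32 bits. All names and group IDs here are constructed. */
typedef int16_t sco_gid_t;

/* Stand-in for the kernel side of setgroups(n, list): it reads n entries
 * of sco_gid_t from the caller's buffer, whatever type the caller declared. */
static int kernel_reads(const void *list, int n, sco_gid_t *out)
{
    memcpy(out, list, (size_t)n * sizeof(sco_gid_t));
    return n;
}

static int has_gid(const sco_gid_t *set, int n, sco_gid_t gid)
{
    for (int i = 0; i < n; i++)
        if (set[i] == gid)
            return 1;
    return 0;
}

/* Pattern from the post: the group array is declared as int. */
int groups_seen_buggy(sco_gid_t *out)
{
    int32_t groups[2] = {100, 50};      /* user belongs to groups 100 and 50 */
    return kernel_reads(groups, 2, out);
}

/* Fix from the post: the group array is declared with the gid type. */
int groups_seen_fixed(sco_gid_t *out)
{
    sco_gid_t groups[2] = {100, 50};
    return kernel_reads(groups, 2, out);
}

int main(void)
{
    sco_gid_t set[2];
    int n = groups_seen_buggy(set);
    printf("int array:   %d %d  (gid 0 present: %d)\n", set[0], set[1], has_gid(set, n, 0));
    n = groups_seen_fixed(set);
    printf("gid_t array: %d %d  (gid 0 present: %d)\n", set[0], set[1], has_gid(set, n, 0));
    return 0;
}
```

With the int array, the zero half of each 32-bit entry is read as a group ID of its own, so gid 0 appears in the set and the real second group (50) is lost.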


1. WU-FTPD security holes

We are considering opening up FTP services.  I'd like to understand
the security issues.  Does anyone have
the history of FTP security problems, and wu-ftpd guest
accounts in particular? What kind of things should I watch out for?

I understand I need to set the mode of /incoming to 0333
but 0444 for others.  What else?


Yuan Jiang, IFCSS CCIC administrator http://www.ifcss.org
