Wu-ftpd Remote Root Hole

Post by James Ride » Sat, 01 Dec 2001 01:06:27




> http://www.securityfocus.com/archive/1/242750

Quick fix:
"If anonymous FTP is not enabled, valid user credentials are
required to exploit this vulnerability."

cheers,
 Jamie
--

 
 
 

1. wu-ftpd Security Hole

There is a rather serious bug in the SCO port of wu-ftpd 2.4.  The file
support/sco.c, which is used when compiling under SCO 3.2, contains an
initgroups() routine since this routine is missing under SCO.  This
routine declares an array of group IDs as an "int" rather than a
"gid_t".  Since "gid_t" is a typedef for "short" on SCO, the array of
group IDs passed to setgroups() by initgroups() is effectively
corrupted.  In my particular case, this was resulting in users logged
in under their own user IDs having unauthorized access to group 0
(root), though results would vary based on actual group membership.

The file "sco.c" is also used by the ISC port of wu-ftpd, so that OS
may also be vulnerable.

The problem is easily fixed by declaring the array "groups" as "gid_t",
recompiling, and reinstalling.
--
John W. Temples, III       ||       Providing the first public access Internet
Gulfnet Kuwait             ||            site in the Arabian Gulf region
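
The type mismatch described in the post above, as an added example that is not part of the original post and is not the code from support/sco.c. It assumes int16_t stands in for SCO's "short" gid_t and int32_t for "int"; the function names and group IDs are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumptions: int16_t models SCO's gid_t ("short"), int32_t models "int".
   The group IDs below are constructed sample values. */
typedef int16_t sco_gid_t;
#define NGRP 3

/* Stand-in for setgroups(): interprets buf as n gid_t entries, the way the
   real call would, copies them to out and returns how many are group 0. */
static int groups_as_seen(const void *buf, int n, sco_gid_t *out)
{
    int zeros = 0;
    memcpy(out, buf, (size_t)n * sizeof(sco_gid_t));
    for (int i = 0; i < n; i++)
        if (out[i] == 0)
            zeros++;
    return zeros;
}

/* The declaration described in the post: array elements are "int". */
int buggy_initgroups(sco_gid_t *out)
{
    int32_t groups[NGRP] = {100, 50, 20};
    return groups_as_seen(groups, NGRP, out);
}

/* The fix from the post: array elements are gid_t. */
int fixed_initgroups(sco_gid_t *out)
{
    sco_gid_t groups[NGRP] = {100, 50, 20};
    return groups_as_seen(groups, NGRP, out);
}

int main(void)
{
    sco_gid_t seen[NGRP];
    int z = buggy_initgroups(seen);
    printf("int[]:   %d %d %d (group 0 entries: %d)\n", seen[0], seen[1], seen[2], z);
    z = fixed_initgroups(seen);
    printf("gid_t[]: %d %d %d (group 0 entries: %d)\n", seen[0], seen[1], seen[2], z);
    return 0;
}
```

With the wider element type, the unused upper half of each small group ID is read as a separate entry with value 0, and the trailing real group IDs fall outside the count passed to the call.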
