"If anonymous FTP is not enabled, valid user credentials are
required to exploit this vulnerability."
There is a rather serious bug in the SCO port of wu-ftpd 2.4. The file
support/sco.c, which is used when compiling under SCO 3.2, contains an
initgroups() routine since this routine is missing under SCO. This
routine declares an array of group IDs as an "int" rather than a
"gid_t". Since "gid_t" is a typedef for "short" on SCO, the array of
group IDs passed to setgroups() by initgroups() is effectively
corrupted. In my particular case, this was resulting in users logged
in under their own user IDs to having unauthorized access to group 0,
(root), though results would vary based on actual group membership.
The file "sco.c" is also used by the ISC port of wu-ftpd, so that OS
may also be vulnerable.
The problem is easily fixed by declaring the array "groups" as "gid_t",
recompiling, and reinstalling.
John W. Temples, III || Providing the first public access Internet
Gulfnet Kuwait || site in the Arabian Gulf region
2. Page Faults/Segmentation Faults??
5. wu-ftpd security hole affect FreeBSD?
6. natsemi chipset documentations ?
8. Trouble with xmodmap and 4 button mouse
10. wu-ftpd hangs only on lan works fine from remote hosts
11. WU-FTPD- I can connect via localhost but not remote
13. Root Directory for wu-ftpd