WU-FTPD security holes

WU-FTPD security holes

Post by Yuan Jia » Sat, 25 May 1996 04:00:00

We are considering open up FTP services.  I'like to understand
the security issues.  Does any one have
the history of FTP security problems, and wu-ftpd guest
accounts in particular? What kind of things should I watch out for?

I understand I need to set the mode of /incoming to 0333
but 0444 for others.  What else?


Yuan Jiang, IFCSS CCIC administrator http://www.ifcss.org


1. wu-ftpd Security Hole

There is a rather serious bug in the SCO port of wu-ftpd 2.4.  The file
support/sco.c, which is used when compiling under SCO 3.2, contains an
initgroups() routine since this routine is missing under SCO.  This
routine declares an array of group IDs as an "int" rather than a
"gid_t".  Since "gid_t" is a typedef for "short" on SCO, the array of
group IDs passed to setgroups() by initgroups() is effectively
corrupted.  In my particular case, this was resulting in users logged
in under their own user IDs to having unauthorized access to group 0,
(root), though results would vary based on actual group membership.

The file "sco.c" is also used by the ISC port of wu-ftpd, so that OS
may also be vulnerable.

The problem is easily fixed by declaring the array "groups" as "gid_t",
recompiling, and reinstalling.
John W. Temples, III       ||       Providing the first public access Internet
Gulfnet Kuwait             ||            site in the Arabian Gulf region

2. swap

3. wu-ftpd security hole affect FreeBSD?

4. Sound Blaster LIve!

5. InfoMagic Mar95 wu.ftpd security hole fix.

6. NeXt dirent functions??

7. Diamond Stealth 64 Video & MAG MXP17F

8. Security hole with WU-FTPD

9. Wu-ftpd Remote Root Hole

10. After fixing wu-ftpd hole

11. WU-Ftpd Security Help Needed?

12. WU-FTPD 2.6 Security Problem