|
|
Family: Debian Local Security Checks --> Category: infos
[DSA457] DSA-457-1 wu-ftpd Vulnerability Scan
Vulnerability Scan Summary
DSA-457-1 wu-ftpd
Detailed Explanation for this Vulnerability Test
Two vulnerabilities were discovered in wu-ftpd:
Glenn Stewart discovered that users could bypass the
directory access restrictions imposed by the restricted-gid option by
changing the permissions on their home directory. On a subsequent
login, when access to the user's home directory was denied, wu-ftpd
would fall back to the root directory.
A buffer overflow existed in wu-ftpd's code which
deals with S/key authentication.
For the stable distribution (woody) these problems have been fixed in
version 2.6.2-3woody4.
For the unstable distribution (sid) these problems have been fixed in
version 2.6.2-17.1.
We recommend that you update your wu-ftpd package.
Solution : http://www.debian.org/security/2004/dsa-457
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|
