ISS X-Force Database: palmetto-ftpd-bo(1728): FTP remote buffer overflows allow root access

FTP remote buffer overflows allow root access

palmetto-ftpd-bo (1728)

High Risk

Description:

ProFTPD could allow a remote attacker to execute arbitrary commands as root. By default, these servers are installed on many operating systems, including Slackware and Red Hat Linux distributions.

Platforms Affected:

Apple, Mac OS
Compaq, Tru64
Data General, DG/UX
Digital, OSF 1.0
FreeBSD, FreeBSD
HP, HP-UX
IBM, AIX
IBM, OS2
Linux, Kernel
Microsoft, Windows 2000
Microsoft, Windows 2003 Server
Microsoft, Windows 95
Microsoft, Windows 98
Microsoft, Windows 98SE
Microsoft, Windows Me
Microsoft, Windows NT 4.0
Microsoft, Windows XP
OpenBSD, OpenBSD
ProFTPD, ProFTPD
SCO, SCO Unix
SGI, IRIX
Sun, Solaris
Washington University, WU-FTPD
WindRiver, BSDOS

Remedy:

Upgrade to the latest version of ProFTPD (1.2.0pre2 or later), as listed in BindView Security Advisory, February 9, 1999. See References.

— OR —

Apply the 1.2.0pre1 patch, as listed in BindView Security Advisory, February 9, 1999. See References.

— AND —

Upgrade to the latest version of wu-ftpd (2.4.2 BETA 18 VR10 or later), as listed in BindView Security Advisory, February 9, 1999. See References.

Note: This vulnerability relies on the presence of long directory path structure. As a workaround, restrict access to world writable directories for FTP users.

Consequences:

Gain Access

References:

BindView RAZOR Security Advisory, February 9, 1999, Palmetto Technical Advisory at http://razor.bindview.com/publish/advisories/adv_palmetto.html.
Caldera International, Inc. Security Advisory CSSA-1999-004.0, Buffer overflow in wu-ftpd at ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999:004.0.txt.
Caldera International, Inc. Security Advisory CSSA-1999-004.0, Buffer overflow in wu-ftpd at ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999:004.0.txt.
CERT Advisory CA-1999-03, Remote buffer overflows in various FTP servers leads to potential root compromise at http://www.cert.org/advisories/CA-1999-03.html.
CIAC Information Bulletin J-029, Buffer Overflows in Various FTP Servers at http://www.ciac.org/ciac/bulletins/j-029.shtml.
Debian Security Advisory 19990210, Debian FTP packages: Buffer overflow in some ftp servers at http://www.debian.org/security/1999/19990210.
Red Hat, Inc. Linux 5.2 (Apollo) General Errata, wu-ftpd: Security Fix at http://www.redhat.com/support/docs/rhl/rh52-errata-general.html#wu-ftpd.
BID-113: Multiple Vendor FTPD realpath Vulnerability
BID-2242: Multiple Vendor FTP Long Path Buffer Overflow Vulnerability
CVE-1999-0368: Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.

Reported:

Feb 09, 1999

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page