ISS X-Force Database: ftp-ftpd(449): FTP signal handling code root compromise

FTP signal handling code root compromise

ftp-ftpd (449)

High Risk

Description:

The FTP daemon is vulnerable to a race condition that could allow a remote attacker to read arbitrary files on the system. A vulnerability in the signal handling code could allow a remote attacker to read arbitrary files on the victim�s server with root privileges, and, depending on the configuration, create or write arbitrary files with root privileges. In order to exploit this vulnerability, an attacker must have access, including anonymous, to the computer.

Consequences:

File Manipulation

Remedy:

For FreeBSD:
Upgrade to the latest version of FreeBSD (FreeBSD-current dated 1997/01/27 or later), as listed in CERT Advisory CA-1997-16. See References.

IBM AIX 3.2:
Apply APAR IX65536 patch, as listed in CERT Advisory CA-1997-16. See References.

IBM AIX 4.1:
Apply APAR IX65537 patch, as listed in CERT Advisory CA-1997-16. See References.

IBM AIX 4.2:
Apply APAR IX65538 patch, as listed in CERT Advisory CA-1997-16. See References.

OpenBSD:
Upgrade to the latest version of OpenBSD (2.0-current dated 1997/01/05 or later), as listed in CERT Advisory CA-1997-16. See References.

For other distributions:

Contact your vendor for upgrade or patch information.

As a workaround, disable FTP service on a vulnerable computer until you can apply the patch(es) from your vendor.

References:

AusCERT Advisory AA-97.03: ftpd Signal Handling Vulnerability.
CERT Advisory CA-1997-16: ftpd Signal Handling Vulnerability.
SGI Security Advisory 19970801-01-PX: IRIX ftpd Signal Handling Vulnerability.
CVE-1999-0035: Race condition in signal handling routine in ftpd, allowing read/write arbitrary files.

Platforms Affected:

FreeBSD FreeBSD 2.1.0
FreeBSD FreeBSD 2.1.5
FreeBSD FreeBSD 2.1.6
FreeBSD FreeBSD 2.1.6.1
FreeBSD FreeBSD 2.1.7
FreeBSD FreeBSD 2.1.7.1
HP HP-UX 10.00
HP HP-UX 10.01
HP HP-UX 10.02
HP HP-UX 10.03
HP HP-UX 10.08
HP HP-UX 10.09
HP HP-UX 10.10
HP HP-UX 10.16
HP HP-UX 10.20
HP HP-UX 10.24
HP HP-UX 10.26
HP HP-UX 10.30
HP HP-UX 10.34
HP HP-UX 9.00
HP HP-UX 9.01
HP HP-UX 9.03
HP HP-UX 9.04
HP HP-UX 9.05
HP HP-UX 9.06
HP HP-UX 9.07
HP HP-UX 9.08
HP HP-UX 9.09
HP HP-UX 9.10
IBM AIX 3.2
IBM AIX 4.1
IBM AIX 4.2
IETF FTP
OpenBSD OpenBSD 2.0
RedHat Linux 4.0
WindRiver BSDOS 2.1

Reported:

May 01, 1997

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page