Date:         Wed, 14 Jun 2000 18:36:03 -0400
From: Tom Yu <tlyu@MIT.EDU>
Subject:      Security Advisory: REMOTE ROOT VULNERABILITY IN GSSFTP DAEMON
To: BUGTRAQ@SECURITYFOCUS.COM

-----BEGIN PGP SIGNED MESSAGE-----

	      REMOTE ROOT VULNERABILITY IN GSSFTP DAEMON

2000-06-14

SUMMARY:

A remote user may execute certain FTP commands without authorization.

IMPACT:

A remote user may perform denial of service attacks.

An attacker with access to a local account may gain unauthorized root
access.

VULNERABLE DISTRIBUTIONS:

Source distributions which may contain vulnerable code include:

	MIT Kerberos 5 releases krb5-1.1 and krb5-1.1.1

The beta releases krb5-1.1.2-beta1 and krb5-1.2-beta2 are also
vulnerable.

NON-VULNERABLE DISTRIBUTIONS:

	MIT Kerberos 5 releases krb5-1.0.x

FIXES:

If you are running a vulnerable FTP daemon, disable it immediately,
usually by commenting it out of your inetd.conf and sending a SIGHUP
to the inetd process.
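
The interim mitigation above, as a script. This is an added example, not part of the advisory; it assumes the daemon is registered in inetd.conf under the service name "ftp" and that inetd's pid is in /var/run/inetd.pid (pkill is the fallback), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the advisory. Assumptions: the daemon is
# registered under the service name "ftp" and inetd writes its pid to
# /var/run/inetd.pid (pkill is used as a fallback).

# disable_inetd_service CONF SERVICE
# Comments out every active line whose first field is exactly SERVICE,
# keeps the original as CONF.bak, and prints the number of lines changed.
disable_inetd_service() {
    conf=$1 svc=$2
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 1; }
    tmp=$(mktemp "$conf.XXXXXX") || return 1
    # Exact match on field 1 leaves "tftp" alone; a line that is already
    # commented has "#ftp" or "#" as its first field and is not touched.
    changed=$(awk -v svc="$svc" -v out="$tmp" '
        $1 == svc { print "#" $0 > out; n++; next }
                  { print > out }
        END       { print n + 0 }' "$conf") || { rm -f "$tmp"; return 1; }
    if [ "$changed" -gt 0 ]; then
        # Write through the existing file so owner and mode are preserved.
        { cp -p "$conf" "$conf.bak" && cat "$tmp" > "$conf"; } ||
            { rm -f "$tmp"; return 1; }
    fi
    rm -f "$tmp"
    echo "$changed"
}

# reload_inetd: make the running inetd re-read its configuration.
reload_inetd() {
    if [ -r /var/run/inetd.pid ]; then
        kill -HUP "$(cat /var/run/inetd.pid)"
    else
        pkill -HUP -x inetd
    fi
}

# Usage (as root): sh disable-ftpd.sh /etc/inetd.conf
if [ "$#" -ge 1 ]; then
    n=$(disable_inetd_service "$1" ftp) || exit 1
    echo "commented out $n ftp line(s) in $1"
    if [ "$n" -gt 0 ]; then reload_inetd; fi
fi
```

A result of 0 means no active ftp entry was found, in which case check whether the daemon is started some other way before assuming the host is not exposed.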

To correct the bug, apply the following patch, rebuild, and reinstall
ftpd on the affected machines.

The upcoming krb5-1.2 release will correct this problem.  There will
be a krb5-1.2-beta3 release later this week that will correct this
problem.

PATCHES:

These patches will apply against krb5-1.1.1, krb5-1.1.2-beta1, and
krb5-1.2-beta2.  They will be made available on the web site at:

	http://web.mit.edu/kerberos/www/advisories/ftpd_111_patch.txt

The MIT Kerberos security advisories page is at:

	http://web.mit.edu/kerberos/www/advisories/index.html

Patches for other security problems as well as archives of security
advisory postings are located on that page.

Index: ftpcmd.y
===================================================================
RCS file: /cvs/krbdev/krb5/src/appl/gssftp/ftpd/ftpcmd.y,v
retrieving revision 1.14
diff -c -r1.14 ftpcmd.y
*** ftpcmd.y	1999/03/24 22:14:02	1.14
- --- ftpcmd.y	2000/06/14 17:35:19
***************
*** 865,871 ****
  			$$ = 0;
  		}
  		else
! 			$$ = 1;
  	}
  	;
  %%
- --- 865,871 ----
  			$$ = 0;
  		}
  		else
! 			$$ = $1;
  	}
  	;
  %%
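
Review bot: the corrected line "$$ = $1;" in the else branch carries no comment, and its one-character difference from "$$ = 1;" is easy to reintroduce in a later edit. With the constant, this branch yielded a true value whatever the rule's first component had evaluated to, so add a comment on that line saying the action must pass the value of $1 through, and add a regression test that issues a command without authorization and expects it to be refused. The "- ---" lines are dash-escaped by the PGP clearsigning; strip the leading "- " (or fetch the copy from the URL above) before feeding this hunk to patch.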

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBOUgGcabDgE/zdoE9AQF6EgP6Ay7pKAcq/nQ1w2fzKQPuvNcfWuKiCVR7
ZxHTljdhz6hI1COPsZQzEswqd2odkh1xJ0m8Tab1Ked1G569WZPLQt1LreFDnyKh
Vvy1mgwPg/EEMVvw6d7MRdgrIy7vlQswHbrAYyGMaibTSR1Rwx5Gc5cJFedP+o7M
95IoVsXNnPs=
=HCTV
-----END PGP SIGNATURE-----