[Full-Disclosure] [ GLSA 200409-27 ] glFTPd: Local buffer overflow vulnerability

From: Thierry Carrez (koon_at_gentoo.org)
Date: 09/21/04

    To: gentoo-announce@lists.gentoo.org
    Date: Tue, 21 Sep 2004 22:46:20 +0200
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Gentoo Linux Security Advisory GLSA 200409-27
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                                http://security.gentoo.org/
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

      Severity: Normal
         Title: glFTPd: Local buffer overflow vulnerability
          Date: September 21, 2004
          Bugs: #64809
            ID: 200409-27

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Synopsis
    ========

    glFTPd is vulnerable to a local buffer overflow which may allow
    arbitrary code execution.

    Background
    ==========

    glFTPd is a highly configurable FTP server with many features.

    Affected packages
    =================

        -------------------------------------------------------------------
         Package          /  Vulnerable  /                     Unaffected
        -------------------------------------------------------------------
      1  net-ftp/glftpd       < 1.32-r1                        >= 1.32-r1

    Description
    ===========

    The glFTPd server is vulnerable to a buffer overflow in the 'dupescan'
    program. This vulnerability is due to an unsafe strcpy() call which can
    cause the program to crash when a large argument is passed.

    Impact
    ======

    A local user with malicious intent can pass a parameter to the dupescan
    program that exceeds the size of the buffer, causing it to overflow.
    This can lead the program to crash, and potentially allow arbitrary
    code execution with the permissions of the user running glFTPd, which
    could be the root user.

    Workaround
    ==========

    There is no known workaround at this time.

    Resolution
    ==========

    All glFTPd users should upgrade to the latest version:

        # emerge sync

        # emerge -pv ">=net-ftp/glftpd-1.32-r1"
        # emerge ">=net-ftp/glftpd-1.32-r1"

    References
    ==========

      [ 1 ] BugTraq Advisory
            http://www.securityfocus.com/archive/1/375775/2004-09-17/2004-09-23/0
      [ 2 ] glFTPd Announcement
            http://www.glftpd.com/modules.php?op=modload&name=News&file=article&sid=23&mode=thread&order=0&thold=0

    Availability
    ============

    This GLSA and any updates to it are available for viewing at
    the Gentoo Security Website:

      http://security.gentoo.org/glsa/glsa-200409-27.xml

    Concerns?
    =========

    Security is a primary focus of Gentoo Linux and ensuring the
    confidentiality and security of our users' machines is of utmost
    importance to us. Any security concerns should be addressed to
    security@gentoo.org or alternatively, you may file a bug at
    http://bugs.gentoo.org.

    License
    =======

    Copyright 2004 Gentoo Foundation, Inc; referenced text
    belongs to its owner(s).

    The contents of this document are licensed under the
    Creative Commons - Attribution / Share Alike license.

    http://creativecommons.org/licenses/by-sa/1.0

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.4 (GNU/Linux)
    Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

    iD8DBQFBUJMcvcL1obalX08RAtkwAJ0fmWv3UebPX9CaHyvO6ESgpV6JUwCgojQA
    dDLOoO539THNdr4aN2PrJD8=
    =GNfu
    -----END PGP SIGNATURE-----

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
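
The defect class named in the Description (an unbounded strcpy() of a command-line argument into a fixed-size buffer) is shown here beside a length-checked replacement. This is an added example, not code from glFTPd or from the advisory: the function names, the 256-byte buffer size and the reject-instead-of-truncate policy are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_BUF_SIZE 256  /* assumed size; the advisory does not state the real one */

/* The pattern the advisory describes: the copy length is decided by the
 * caller-supplied argument, not by the destination. Shown for contrast only
 * and never called below. */
void copy_arg_unsafe(char dst[NAME_BUF_SIZE], const char *arg)
{
    strcpy(dst, arg);      /* writes strlen(arg) + 1 bytes, whatever dst can hold */
}

/* Hardened form: look for the terminating NUL within the destination size and
 * refuse the argument if it is not there. Returns 0 on success, -1 on reject. */
int copy_arg_checked(char *dst, size_t dst_size, const char *arg)
{
    const char *nul;

    if (dst == NULL || dst_size == 0 || arg == NULL)
        return -1;
    nul = memchr(arg, '\0', dst_size);   /* scans at most dst_size bytes */
    if (nul == NULL) {                   /* argument plus NUL does not fit */
        dst[0] = '\0';                   /* leave a valid empty string behind */
        return -1;
    }
    memcpy(dst, arg, (size_t)(nul - arg) + 1);
    return 0;
}

int main(int argc, char **argv)
{
    char name[NAME_BUF_SIZE];

    if (argc != 2 || copy_arg_checked(name, sizeof name, argv[1]) != 0) {
        fprintf(stderr, "usage: %s <name> (at most %d bytes)\n",
                argc > 0 ? argv[0] : "prog", NAME_BUF_SIZE - 1);
        return 1;
    }
    printf("accepted: %s\n", name);
    return 0;
}
```

Rejecting an oversized argument, rather than silently truncating it, keeps the program from acting on a name the caller did not actually supply.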

