Remote vulnerabilities in GSSFTP daemon - A remote attacker can preform denial of service attacks, and local users can get root access. Source distributions which may contain vulnerable code include MIT Kerberos 5 releases krb5-1.1 and krb5-1.1.1, while MIT Kerberos 5 releases krb5-1.0.x is not vulnerable.
1a2c3ea6b342adf0bc8373cd79e7c97b12b37dbc7002b216a38079705be27cc1
-----BEGIN PGP SIGNED MESSAGE-----
REMOTE ROOT VULNERABILITY IN GSSFTP DAEMON
2000-06-14
SUMMARY:
A remote user may execute certain FTP commands without authorization.
IMPACT:
A remote user may perform denial of service attacks.
An attacker with access to a local account may gain unauthorized root
access.
VULNERABLE DISTRIBUTIONS:
Source distributions which may contain vulnerable code include:
MIT Kerberos 5 releases krb5-1.1 and krb5-1.1.1
The beta releases krb5-1.1.2-beta1 and krb5-1.2-beta2 are also
vulnerable.
NON-VULNERABLE DISTRIBUTIONS:
MIT Kerberos 5 releases krb5-1.0.x
FIXES:
If you are running a vulnerable FTP daemon, disable it immediately,
usually by commenting it out of your inetd.conf and sending a SIGHUP
to the inetd process.
To correct the bug, apply the following patch, rebuild, and reinstall
ftpd on the affected machines.
The upcoming krb5-1.2 release will correct this problem. There will
be a krb5-1.2-beta3 release later this week that will correct this
problem.
PATCHES:
These patches will apply against krb5-1.1.1, krb5-1.1.2-beta1, and
krb5-1.2-beta2. They will be made available on the web site at:
http://web.mit.edu/kerberos/www/advisories/ftpd_111_patch.txt
The MIT Kerberos security advisories page is at:
http://web.mit.edu/kerberos/www/advisories/index.html
Patches for other security problems as well as archives of security
advisory postings are located on that page.
Index: ftpcmd.y
===================================================================
RCS file: /cvs/krbdev/krb5/src/appl/gssftp/ftpd/ftpcmd.y,v
retrieving revision 1.14
diff -c -r1.14 ftpcmd.y
*** ftpcmd.y 1999/03/24 22:14:02 1.14
- --- ftpcmd.y 2000/06/14 17:35:19
***************
*** 865,871 ****
$$ = 0;
}
else
! $$ = 1;
}
;
%%
- --- 865,871 ----
$$ = 0;
}
else
! $$ = $1;
}
;
%%
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBOUgGcabDgE/zdoE9AQF6EgP6Ay7pKAcq/nQ1w2fzKQPuvNcfWuKiCVR7
ZxHTljdhz6hI1COPsZQzEswqd2odkh1xJ0m8Tab1Ked1G569WZPLQt1LreFDnyKh
Vvy1mgwPg/EEMVvw6d7MRdgrIy7vlQswHbrAYyGMaibTSR1Rwx5Gc5cJFedP+o7M
95IoVsXNnPs=
=HCTV
-----END PGP SIGNATURE-----