=========================================================================== SCO Security Bulletin 2000.14 (SB-00.14c) 9 August 2000 --------------------------------------------------------------------------- Two Input Validation Problems In wu-FTPD - CA-2000-13 --------------------------------------------------------------------------- I. Description A recent CERT Advisory CA-2000-13 (http://www.cert.org/advisories/CA-2000-13.html) refers to two input validation problems in versions 2.6.0 or earlier of wuftp. The ftpd binary provided with all versions of UnixWare 7 is a patched version of wu-2.4.2-academ-15, which has this vulnerability. The ftpd binary provided with OpenServer is a heavily patched version of wuftpd-2.1 which has the same vulnerability. This problem is corrected in OpenServer 5.0.6. II. Impact Local or remote users logged into the ftp daemon may be able execute arbitrary code as root. An anonymous ftp user may also be able to execute arbitrary code as root. III. Releases UnixWare 7.1.0 and 7.1.1. OpenServer version 5.0.5 or earlier IV. Solution SCO is providing an interim patch to address this issue in the form of a System Security Enhancement (SSE) package for Openserver and ptfs for UnixWare 7.1.0 and 7.1.1. These packages contain a replacement ftpd binary. ptf7658a contains replacement binaries for UnixWare 7.1.1, and is available for Internet download via anonymous ftp and http. You can download this ptf as follows: Anonymous ftp (World Wide Web URL): ftp://ftp.sco.COM/SSE/ptf7658a.txt (cover letter, ASCII text) ftp://ftp.sco.COM/SSE/ptf7658a.Z (new binaries, pkgadd format) Checksums (sum -r): 50491 5 ptf7658a.txt 31887 264 ptf7658a.Z ptf7449a contains replacement binaries for UnixWare 7.1.0, and is available for Internet download via anonymous ftp and http. You can download this ptf as follows: Anonymous ftp (World Wide Web URL): ftp://ftp.sco.COM/SSE/ptf7449a.txt (cover letter, ASCII text) ftp://ftp.sco.COM/SSE/ptf7449a.Z (new binaries, pkgadd format) Checksums (sum -r): 33980 5 ptf7449a.txt 24529 264 ptf7449a.Z SSE070 contains replacement binaries for OpenServer5.0.5 or earlier, and is available for Internet download via anonymous ftp and http. You can download the SSE package as follows: Anonymous ftp (World Wide Web URL): ftp://ftp.sco.COM/SSE/sse070b.ltr (cover letter, ASCII text) ftp://ftp.sco.COM/SSE/sse070b.tar.Z (new binaries, compressed tar file) Checksums (sum -r): 17058 5 sse070b.ltr 27700 190 sse070b.tar.Z V. Updates This bulletin is available for anonymous ftp download from ftp://ftp.sco.COM/SSE/security_bulletins/SB-00.14c, and will be updated as new information becomes available. The latest information on security vulnerabilities and fixes from SCO is available on the world-wide web at http://www.sco.com/security/ VI. Further Information: If you have further questions, contact your support provider. If you need to contact SCO, please send electronic mail to support@sco.COM, or contact SCO as follows. USA/Canada: 6am-5pm Pacific Time (PST/PDT) ----------- 1-800-347-4381 (voice) 1-408-427-5443 (fax) Pacific Rim, Asia, and Latin American customers: 6am-5pm Pacific ------------------------------------------------ Time (PST/PDT) 1-408-425-4726 (voice) 1-408-427-5443 (fax) Europe, Middle East, Africa: 9am-5:30pm UK Time (GMT/BST) ---------------------------- +44 (0)1923 816344 (voice) +44 (0)1923 817781 (fax)