wu-ftpd /tmp File Race Condition Vulnerability
BID:2189
Info
| Bugtraq ID: | 2189 |
| Class: | Race Condition Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Jan 10 2001 12:00AM |
| Updated: | Jan 10 2001 12:00AM |
| Credit: | This vulnerability was first announced by Greg KH <[email protected]> on January 10, 2001 via Bugtraq. |
| Vulnerable: | Wirex Immunix OS 7.0 -Beta; Redhat Linux 7.0; Mandriva Linux Mandrake 7.2; Mandriva Linux Mandrake 7.1; Mandriva Linux Mandrake 7.0; Mandriva Linux Mandrake 6.1; Mandriva Linux Mandrake 6.0; MandrakeSoft Corporate Server 1.0.1; Debian Linux 2.2 sparc; Debian Linux 2.2 powerpc; Debian Linux 2.2 arm; Debian Linux 2.2 alpha; Debian Linux 2.2 68k; Debian Linux 2.2 |
| Not Vulnerable: | |
Discussion
wu-ftpd is an open source, freely available FTP daemon software package included with many distributions of the Linux operating system. A problem in the software could allow a race condition.
The problem occurs in the creation and handling of files in the /tmp directory. The program privatepw, part of the package, creates files in /tmp insecurely: it uses a predictable naming scheme for the files, and it does not check whether the file already exists. A local user can therefore create a range of symbolic links using variants of the wu-ftpd /tmp filename. This could allow the user to overwrite, or append to and corrupt, any file that the UID of the wu-ftpd process has write access to. The wu-ftpd process normally runs as root.
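Added example (C, not part of the advisory and not wu-ftpd's own privatepw code): the unsafe create pattern the discussion describes, beside the exclusive-create form that refuses a pre-planted symlink, run in a constructed sandbox directory that stands in for /tmp. Function names and the "victim"/"privatepw.tmp" file names are hypothetical.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* The pattern the advisory describes: a predictable name in a shared
 * directory, opened without checking that the path is free. If a symlink
 * has been planted there, the write lands on whatever the link points to. */
int open_tmp_predictable(const char *dir, const char *name)
{
    char path[4096];
    snprintf(path, sizeof path, "%s/%s", dir, name);
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened form: O_CREAT|O_EXCL makes the kernel refuse if anything, a
 * symlink included, already occupies the path, and it does so atomically,
 * so there is no check-then-use window. mkstemp() performs the same
 * exclusive create with a randomised suffix and fixes the naming half too. */
int open_tmp_exclusive(const char *dir, const char *name)
{
    char path[4096];
    snprintf(path, sizeof path, "%s/%s", dir, name);
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

static int g_excl_errno;                /* errno seen by the hardened open */
int last_exclusive_errno(void) { return g_excl_errno; }

/* Constructed scenario: a fresh sandbox directory stands in for /tmp,
 * "victim" for a file only the daemon's UID may write, and "privatepw.tmp"
 * for a pre-planted symlink to it. Returns 1 if the predictable open wrote
 * through the link into victim, 0 if it did not, -1 on setup failure. */
int demo_symlink_clobber(void)
{
    char dir[] = "/tmp/race_demo.XXXXXX", victim[256], link[256], buf[16] = {0};
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir); snprintf(link, sizeof link, "%s/privatepw.tmp", dir);
    int v = open(victim, O_WRONLY | O_CREAT, 0600);
    if (v < 0 || write(v, "orig", 4) != 4 || symlink(victim, link) != 0) return -1;
    close(v);
    int fd = open_tmp_predictable(dir, "privatepw.tmp");   /* follows the link */
    if (fd >= 0) { if (write(fd, "clobbered", 9) != 9) return -1; close(fd); }
    g_excl_errno = open_tmp_exclusive(dir, "privatepw.tmp") < 0 ? errno : 0;
    v = open(victim, O_RDONLY);
    if (v >= 0) { if (read(v, buf, sizeof buf - 1) < 0) buf[0] = 0; close(v); }
    unlink(link); unlink(victim); rmdir(dir);
    return strcmp(buf, "clobbered") == 0;
}
```

The predictable open silently truncates and rewrites the link target, while the O_EXCL open on the same path fails with EEXIST before anything is written.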
Exploit / POC
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Upgrades available:
MandrakeSoft Corporate Server 1.0.1
- MandrakeSoft 1.0.1 i386 wu-ftpd-2.6.1-8.6mdk.i586.rpm
  http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/1.0.1/1.0.1/RPMS/wu-ftpd-2.6.1-8.6mdk.i586.rpm
Debian Linux 2.2 powerpc
- Debian 2.2 noarch wu-ftpd-academ_2.6.0-5.2_all.deb
  http://security.debian.org/dists/stable/updates/main/binary-all/wu-ftpd-academ_2.6.0-5.2_all.deb
- Debian 2.2 ppc wu-ftpd_2.6.0-5.2_powerpc.deb
  http://security.debian.org/dists/stable/updates/main/binary-powerpc/wu-ftpd_2.6.0-5.2_powerpc.deb
Debian Linux 2.2
- Debian 2.2 i386 wu-ftpd_2.6.0-5.2_i386.deb
  http://security.debian.org/dists/stable/updates/main/binary-i386/wu-ftpd_2.6.0-5.2_i386.deb
- Debian 2.2 noarch wu-ftpd-academ_2.6.0-5.2_all.deb
  http://security.debian.org/dists/stable/updates/main/binary-all/wu-ftpd-academ_2.6.0-5.2_all.deb
Debian Linux 2.2 alpha
- Debian 2.2 alpha wu-ftpd_2.6.0-5.2_alpha.deb
  http://security.debian.org/dists/stable/updates/main/binary-alpha/wu-ftpd_2.6.0-5.2_alpha.deb
- Debian 2.2 noarch wu-ftpd-academ_2.6.0-5.2_all.deb
  http://security.debian.org/dists/stable/updates/main/binary-all/wu-ftpd-academ_2.6.0-5.2_all.deb
Debian Linux 2.2 sparc
- Debian 2.2 noarch wu-ftpd-academ_2.6.0-5.2_all.deb
  http://security.debian.org/dists/stable/updates/main/binary-all/wu-ftpd-academ_2.6.0-5.2_all.deb
- Debian 2.2 sparc wu-ftpd_2.6.0-5.2_sparc.deb
  http://security.debian.org/dists/stable/updates/main/binary-sparc/wu-ftpd_2.6.0-5.2_sparc.deb
Debian Linux 2.2 arm
- Debian 2.2 arm wu-ftpd_2.6.0-5.2_arm.deb
  http://security.debian.org/dists/stable/updates/main/binary-arm/wu-ftpd_2.6.0-5.2_arm.deb
- Debian 2.2 noarch wu-ftpd-academ_2.6.0-5.2_all.deb
  http://security.debian.org/dists/stable/updates/main/binary-all/wu-ftpd-academ_2.6.0-5.2_all.deb
Debian Linux 2.2 68k
- Debian 2.2 m68k wu-ftpd_2.6.0-5.2_m68k.deb
  http://security.debian.org/dists/stable/updates/main/binary-m68k/wu-ftpd_2.6.0-5.2_m68k.deb
- Debian 2.2 noarch wu-ftpd-academ_2.6.0-5.2_all.deb
  http://security.debian.org/dists/stable/updates/main/binary-all/wu-ftpd-academ_2.6.0-5.2_all.deb
Mandriva Linux Mandrake 6.0
- MandrakeSoft 6.0 i386 wu-ftpd-2.6.1-8.6mdk.i586.rpm
  http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/6.0/RPMS/wu-ftpd-2.6.1-8.6mdk.i586.rpm
Mandriva Linux Mandrake 6.1
- MandrakeSoft 6.1 i386 wu-ftpd-2.6.1-8.6mdk.i586.rpm
  http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/6.1/RPMS/wu-ftpd-2.6.1-8.6mdk.i586.rpm
Wirex Immunix OS 7.0 -Beta
- Wirex 7.0 i386 wu-ftpd-2.6.1-6_StackGuard_2.i386.rpm
  http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/wu-ftpd-2.6.1-6_StackGuard_2.i386.rpm
Mandriva Linux Mandrake 7.0
- MandrakeSoft 7.0 i386 wu-ftpd-2.6.1-8.6mdk.i586.rpm
  http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/7.0/RPMS/wu-ftpd-2.6.1-8.6mdk.i586.rpm
Mandriva Linux Mandrake 7.1
- MandrakeSoft 7.1 i386 wu-ftpd-2.6.1-8.6mdk.i586.rpm
  http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/7.1/RPMS/wu-ftpd-2.6.1-8.6mdk.i586.rpm
Mandriva Linux Mandrake 7.2
- MandrakeSoft 7.2 i386 wu-ftpd-2.6.1-8.3mdk.i586.rpm
  http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/7.2/RPMS/wu-ftpd-2.6.1-8.3mdk.i586.rpm
References
References: