Package name: wu-ftpd
Date: November 29th, 2001
Advisory ID: MDKSA-2001:090
Affected versions: 7.1, 7.2, 8.0, 8.1, CS1.0
Synopsis: Updated wu-ftpd packages fix potential remote root compromise

Problem Description

A vulnerability in wu-ftpd's ftpglob() function was found by the CORE
ST team. This vulnerability can be exploited to obtain root access on
the FTP server.

Updated Packages

Mandrakelinux 7.1

d8bf0ffaa36f4be0d82d2a497ca97012  7.1/RPMS/wu-ftpd-2.6.1-8.7mdk.i586.rpm
8527aaf8ead9756af936518cdcf0bf19  7.1/SRPMS/wu-ftpd-2.6.1-8.7mdk.src.rpm

Mandrakelinux 7.2

be0ad73a7e3559ded06615df10467cbe  7.2/RPMS/wu-ftpd-2.6.1-8.8mdk.i586.rpm
02a177500ce246b536980c8884cc40fb  7.2/SRPMS/wu-ftpd-2.6.1-8.8mdk.src.rpm

Mandrakelinux 8.0

d56665d8af147c90ac6db88d1c87ff03  8.0/RPMS/wu-ftpd-2.6.1-11.1mdk.i586.rpm
c85387ec082fd92d82d36192b96ab85b  8.0/SRPMS/wu-ftpd-2.6.1-11.1mdk.src.rpm

Mandrakelinux 8.0/PPC

6fd48b377e4b0ea445e4c8efe46589bd  ppc/8.0/RPMS/wu-ftpd-2.6.1-11.1mdk.ppc.rpm
c85387ec082fd92d82d36192b96ab85b  ppc/8.0/SRPMS/wu-ftpd-2.6.1-11.1mdk.src.rpm

Mandrakelinux 8.1

108dde2929cf812461b29bd8503b8cfc  8.1/RPMS/wu-ftpd-2.6.1-11.1mdk.i586.rpm
c85387ec082fd92d82d36192b96ab85b  8.1/SRPMS/wu-ftpd-2.6.1-11.1mdk.src.rpm

Corporate Server 1.0.1

d8bf0ffaa36f4be0d82d2a497ca97012  1.0.1/RPMS/wu-ftpd-2.6.1-8.7mdk.i586.rpm
8527aaf8ead9756af936518cdcf0bf19  1.0.1/SRPMS/wu-ftpd-2.6.1-8.7mdk.src.rpm

References

http://online.securityfocus.com/bid/3581

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

    rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, verification of the MD5 checksum and GPG signature is performed automatically for you.
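
An added example (not part of the original advisory) that scripts the manual verification: it looks up a package's MD5 in a saved copy of the checksum list above by its full release path, because the same file name is listed under several releases with different checksums, and then runs `rpm --checksig`. The function names and the saved list file are assumptions.

```shell
#!/bin/sh
# Added example, not from the advisory. Function names are hypothetical.
# LIST is a saved copy of the advisory's "md5sum  release/path" lines.

# advisory_md5 LIST RELPATH: print the MD5 listed for RELPATH (nothing if absent).
# RELPATH is the full path as printed in the advisory, e.g.
# 8.1/RPMS/wu-ftpd-2.6.1-11.1mdk.i586.rpm; a bare file name would be ambiguous.
advisory_md5() {
    awk -v rel="$2" \
        'NF == 2 && $2 == rel && length($1) == 32 { print $1; exit }' "$1"
}

# check_md5 LIST RELPATH FILE: 0 = match, 1 = mismatch, 2 = RELPATH not listed.
check_md5() {
    want=$(advisory_md5 "$1" "$2")
    [ -n "$want" ] || { echo "not in advisory: $2" >&2; return 2; }
    have=$(md5sum "$3" | awk '{ print $1 }')
    [ "$want" = "$have" ] || { echo "MD5 mismatch: $3" >&2; return 1; }
}

# verify_pkg LIST RELPATH FILE: checksum first, then the package signature.
# The MD5 comparison catches a damaged or wrong download; the GPG signature
# checked by rpm is what ties the package to the vendor's key.
verify_pkg() {
    check_md5 "$1" "$2" "$3" || return $?
    rpm --checksig "$3" || { echo "signature check failed: $3" >&2; return 3; }
    echo "verified: $3"
}

# Usage: sh verify.sh LIST RELPATH FILE
if [ "$#" -eq 3 ]; then
    verify_pkg "$@"
fi
```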