Also, I beleive that this problem occurs only in certain OS's vulnerable to
the getcwd() exploit, the ERRATA file, in the 2.6.0 source tree, lists them:
"Systems needing getcwd():
BSD 4.4 (bsd)
Unix 3.x (dec)
DG/UX (dgx)
Dynix (dyn)
generic (gen)
NeXTstep 2.x (nx2)
OSF/1 (osf)
Sony NewsOS (sny)"
So this exploit MIGHT be OS specific and certain OS's running versions prior
to 2.6.0 may not be affected. I did try building 2.6.0 under Solaris 7, and
there were some problems with using "ls".
Incidentally, there has been a patch available to address the getcwd() issue
on the ftp site for wu-ftpd that can be applied to 2.5.0.
-----Original Message-----
From: Richard Trott [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, October 20, 1999 5:17 PM
To: [EMAIL PROTECTED]
Subject: Re: CERT Advisory CA-99.13 - Multiple Vulnerabilities in
WU-FTPD
> WU-FTPD and BeroFTPD
>
> Vulnerability #1:
>
> Not vulnerable:
> versions 2.4.2 and all betas and earlier versions
> Vulnerable:
> wu-ftpd-2.4.2-beta-18-vr4 through wu-ftpd-2.4.2-beta-18-vr15
> wu-ftpd-2.4.2-vr16 and wu-ftpd-2.4.2-vr17
> wu-ftpd-2.5.0
> BeroFTPD, all versions
CERT appears to have left out wu-ftpd-2.6.0 (although they included it in
the lists for the other two vulnerabilities).
Version 2.6.0 does *not* have the "MAPPING_CHDIR Buffer Overflow"
vulnerability, at least if the ANNOUNCE-RELEASE file for that version is
to be believed. It reads, in part:
"Corrected an error in the MAPPING_CHDIR feature which could be used to
gain root privileges on the server."
Presumably, this refers to this vulnerability.
Rich
