From owner-doc-jp@jp.freebsd.org  Thu Sep  9 21:12:49 1999
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id VAA42606;
	Thu, 9 Sep 1999 21:12:49 +0900 (JST)
	(envelope-from owner-doc-jp@jp.FreeBSD.org)
Received: from jiyu.net ([209.100.98.61])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with ESMTP id VAA42601
	for <doc-jp@jp.freebsd.org>; Thu, 9 Sep 1999 21:12:48 +0900 (JST)
	(envelope-from daichi@ongs.net)
Received: from localhost (dns001.thn.ne.jp [210.141.251.14])
	by jiyu.net (8.8.5/8.8.5) with ESMTP id VAA07687
	for <doc-jp@jp.freebsd.org>; Thu, 9 Sep 1999 21:15:50 +0900
To: doc-jp@jp.freebsd.org
In-Reply-To: Your message of "Thu, 09 Sep 1999 20:34:22 +0900 (JST)"
	<199909091134.UAA00465@splpe481.ccs.mt.nec.co.jp>
References: <199909091134.UAA00465@splpe481.ccs.mt.nec.co.jp>
X-Mailer: Mew version 1.93 on XEmacs 20.4 (Emerald)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Message-Id: <19990909211847K.daichi@ongs.net>
Date: Thu, 09 Sep 1999 21:18:47 +0900
From: "Daichi T.GOTO" <daichi@ongs.net>
X-Dispatcher: imput version 980905(IM100)
Lines: 143
Reply-To: doc-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+990727
X-Sequence: doc-jp 6617
Subject: [doc-jp 6617] Re: About recent ANNOUNCE Mail.
Errors-To: owner-doc-jp@jp.freebsd.org
Sender: owner-doc-jp@jp.freebsd.org
X-Originator: daichi@ongs.net

This is Daichi :)


From: Atushi Sakauchi <sakauchi@micon.co.jp>
Subject: [doc-jp 6614] Re: About recent ANNOUNCE Mail.
Date: Thu, 09 Sep 1999 20:10:22 +0900

> This is Sakauchi.
> (snip) 
> ANNOUNCE: FreeBSD Security Advisory: FreeBSD-SA-99:03.ftpd
> I have a translation of this that I made for a customer.

Thank you for your hard work m(_ _)m





From: Koga Youichirou <y-koga@jp.freebsd.org>
Subject: [doc-jp 6615] Re: About recent ANNOUNCE Mail.
Date: Thu, 09 Sep 1999 20:34:22 +0900 (JST)

> (snip)
> is about it, I suppose.
> ----
> Koga Youichirou

Understood.





I have put the translated text into announcement format. As for PGP, I
handled it the same way as the last time there was a PGP document. Please
point out any problems.





-------------------------------
  This mail is a Japanese translation of the following message posted to
freebsd-announce:

Subject: ANNOUNCE: FreeBSD Security Advisory: FreeBSD-SA-99:03.ftpd
From: FreeBSD Security Officer <security-officer@freebsd.org>
Date: Tue, 7 Sep 1999 10:20:19 -0600 (MDT)
Message-Id: <199909071620.KAA13314@harmony.village.org>

  The original is PGP-signed, but this Japanese translation is not PGP-signed.
To run a PGP check confirming that the contents of patches and the like have
not been tampered with, please refer to the original.
  Please send inquiries about the Japanese translation to
doc-jp@jp.freebsd.org.
                                     Translation: Atushi Sakauchi <sakauchi@yamame.to>
------------------------------------------------------------------------
ANNOUNCE: FreeBSD Security Advisory: FreeBSD-SA-99:03.ftpd


Topic:                Two ftp daemons in ports vulnerable to attack.

Category:             ports
Module:               wu-ftpd and proftpd
Announced:            September 5, 1999
Affects:              FreeBSD 3.2 (and versions before 3.2)
                      FreeBSD-current before the fix.
Corrected:            FreeBSD-3.3 RELEASE
                      FreeBSD-current as of August 30, 1999 or later
FreeBSD only:         No

Patches:              None



I.   Background    

wuftpd and proftpd have a flaw which can lead to a remote root
compromise.  They are both vulnerable since they are both based on a
code base that is vulnerable.

I.   $BGX7J(B

wuftpd $B$H(B proftpd $B$K$O(B, $B%j%b!<%H$+$i4IM}<T8"8B$rC%$o$l$k2DG=@-$,$"$k$H$$(B
$B$&%;%-%e%j%F%#>e$N<eE@$,$"$j$^$9(B. 
$B$I$A$i$bLdBj$N$"$kF1$8%3!<%I$r%Y!<%9$K$7$F$$$k$N$G(B, $BF1$8LdBj$r;}$C$F$$$^(B
$B$9(B. 




II.  Problem Description

Remote users can gain root via a buffer overflow.

II.  $BLdBj$N2r@b(B

$B%j%b!<%H$N%f!<%6$,(B, $B%P%C%U%!%*!<%P%U%m!<$rMxMQ$7$F(B root $B8"8B$rF@$k$3$H$,(B
$B$G$-$^$9(B. 




III. Impact

Remote users can gain root.

III. $B1F6A(B

$B%j%b!<%H$N%f!<%6$,(B root $B8"8B$rF@$k$3$H$,$G$-$^$9(B. 




IV.  Workaround

Disable the ftp daemon until you can upgrade your system.

IV.  $BBP1~:v(B

$B%"%C%W%0%l!<%I$,40N;$9$k$^$G(B ftp $B%G!<%b%s$rDd;_$7$^$9(B. 



V.   Solution

Upgrade your wu-ftpd or proftpd ports to the most recent versions (any
version after August 30, 1999 is not impacted by this problem).  If
you are running non-port versions, you should verify that your version
is not vulnerable or upgrade to using the ports version of these
programs.

V.   $B2r7h:v(B

wu-ftpd $B$^$?$O(B proftpd $B$N(B ports $B$r:G?7$N%P!<%8%g%s(B (1999$BG/(B 8$B7n(B 30$BF|0J9_(B
$B$N$b$N$K$D$$$F$O2r7h:Q$_(B) $B$K%"%C%W%0%l!<%I$7$F$/$@$5$$(B. ports $B$rMxMQ$7$F(B
$B$$$J$$>l9g(B, $BLdBj$,$J$$%P!<%8%g%s$G$"$k$+$I$&$+$r3NG'$9$k$+(B, ports $B$rMxMQ(B
$B$7$F%"%C%W%0%l!<%I$7$^$7$g$&(B. 

------------------------------------------------------------------------

----
 Daichi T.GOTO (ONGS)
    http://www.ongs.net/daichi, daichi@ongs.net
