|
Wu-ftpd S/key验证缓冲区溢出漏洞(1) 受影响系统:
Washington University wu-ftpd 2.6.1
Washington University wu-ftpd 2.6.0
Washington University wu-ftpd 2.6.2
- Debian Linux 3.0
描述:
--------------------------------------------------------------------------------
CVE(CAN) ID: CAN-2004-0185
Wu-ftpd是一个基于BSD ftpd的FTP服务器程序,由华盛顿大学维护。
Wu-ftpd处理S/key验证的代码存在缓冲区溢出,远程攻击者可以利用这个漏洞可能以Wu-ftpd进程权限在系统上执行任意指令。
目前没有提供详细漏洞细节。
<*来源:Debian Security Advisory
链接:http://www.debian.org/security/2002/dsa-457
*>
建议:
--------------------------------------------------------------------------------
厂商补丁:
Debian
------
Debian已经为此发布了一个安全公告(DSA-457-1)以及相应补丁:
DSA-457-1:New wu-ftpd packages fix multiple vulnerabilities
链接:http://www.debian.org/security/2002/dsa-457
补丁下载:
Source archives:
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody4.dsc
Size/MD5 checksum: 607 ced69dc6017f9afd9ea2e993e5570084
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody4.diff.gz
Size/MD5 checksum: 100777 399c02a6d064f2aef676fba75db3964a
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2.orig.tar.gz
Size/MD5 checksum: 354784 b3c271f02aadf663b8811d1bff9da3f6
Architecture independent components:
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd-academ_2.6.2-3woody4_all.deb
Size/MD5 checksum: 3482 ef0f9788eecfa4290bbcea8e259b48e2
Alpha architecture:
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody4_alpha.deb
Size/MD5 checksum: 291786 5d9f21b554fc210956d2e46e7e817bc8
ARM architecture:
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody4_arm.deb
Size/MD5 checksum: 265480 0820e29ec495c37629c79018bab2d267
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody4_i386.deb
| 
