
Test ID: 1.3.6.1.4.1.25623.1.0.54167
Category: SuSE Local Security Checks
Title: SuSE Security Advisory SUSE-SA:2001:043 (wuftpd)
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory SUSE-SA:2001:043.

The wuftpd package as shipped with SuSE Linux distributions comes with
two versions of wuftpd: wuftpd-2.4.2, installed as /usr/sbin/wuftpd,
and wuftpd-2.6.0, installed as /usr/sbin/wuftpd-2.6.

The admin decides which version to use through the inetd/xinetd
configuration.

The CORE ST Team found an exploitable bug in all versions of wuftpd's
ftpglob() function.

The glob function overruns buffer bounds while matching open and closed
brackets. Due to a missing \0 at the end of the buffer, a later call to a
function that frees allocated memory will feed free(3) with user-defined
data. This bug could be exploited depending on the implementation of
the dynamic memory allocation API (malloc(3), free(3)) in the libc
library. Linux and other systems are exploitable!

Some weeks ago, an internal source code audit of wu-ftpd 2.6.0 performed
by Thomas Biege, SuSE Security, revealed some other security-related bugs
that are fixed in the new RPM packages. Additionally, code from wu-ftpd
2.6.1 was backported to version 2.6.0 to make it more stable.

Solution:
Update your system with the packages as indicated in
the referenced security advisory.

http://www.securityspace.com/smysecure/catid.html?in=SUSE-SA:2001:043

Risk factor : High

Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com





© 1998-2024 E-Soft Inc. All rights reserved.