Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.54167 |
Kategorie: | SuSE Local Security Checks |
Titel: | SuSE Security Advisory SUSE-SA:2001:043 (wuftpd) |
Zusammenfassung: | NOSUMMARY |
Beschreibung: | Description: The remote host is missing updates announced in advisory SUSE-SA:2001:043. The wuftpd package as shipped with SuSE Linux distributions comes with two versions of wuftpd: wuftpd-2.4.2, installed as /usr/sbin/wuftpd, and wuftpd-2.6.0, installed as /usr/sbin/wuftpd-2.6. The admin decides which version to use by the inetd/xinetd configuration. The CORE ST Team had found an exploitable bug in all versions of wuftpd's ftpglob() function. The glob function overwrites buffer bounds while matching open and closed brackets. Due to a missing \0 at the end of the buffer a later call to a function that frees allocated memory will feed free(3) with userdefined data. This bug could be exploited depending on the implementation of the dynmaic allocateable memory API (malloc(3), free(3)) in the libc library. Linux and other system are exploitable! Some weeks ago, an internal source code audit of wu-ftpd 2.6.0 performed by Thomas Biege, SuSE Security, revealed some other security related bugs that are fixed in the new RPM packages. Additionally, code from wu-ftpd 2.6.1 were backported to version 2.6.0 to make it more stable. Solution: Update your system with the packages as indicated in the referenced security advisory. http://www.securityspace.com/smysecure/catid.html?in=SUSE-SA:2001:043 Risk factor : High |
Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |