Debian Security Advisory

wu-ftpd -- remote root exploit in wu-ftpd

Date Reported:
22 Jun 2000
Affected Packages:
wu-ftpd, wu-ftpd-academ
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2000-0573.
More information:
The version of wu-ftpd distributed in Debian GNU/Linux 2.1 (a.k.a. slink), as well as in the frozen (potato) and unstable (woody) distributions, is vulnerable to a remote root compromise. The default configuration in all current Debian packages prevents the currently available exploits in the case of anonymous access, although local users could still possibly compromise the server.

This has been fixed in versions 2.4.2.16-13.1 (for slink) and 2.6.0-5.1 (for potato and woody), and we recommend that you update your wu-ftpd-academ (for slink) or wu-ftpd (for potato and woody) package immediately.

Fixed in:

Debian 2.1 (slink):

Source:
http://security.debian.org/dists/slink/updates/source/wu-ftpd-academ_2.4.2.16-13.1.diff.gz
http://security.debian.org/dists/slink/updates/source/wu-ftpd-academ_2.4.2.16-13.1.dsc
http://security.debian.org/dists/slink/updates/source/wu-ftpd-academ_2.4.2.16.orig.tar.gz
alpha:
http://security.debian.org/dists/slink/updates/binary-alpha/wu-ftpd-academ_2.4.2.16-13.1_alpha.deb
i386:
http://security.debian.org/dists/slink/updates/binary-i386/wu-ftpd-academ_2.4.2.16-13.1_i386.deb
m68k:
http://security.debian.org/dists/slink/updates/binary-m68k/wu-ftpd-academ_2.4.2.16-13.1_m68k.deb
sparc:
http://security.debian.org/dists/slink/updates/binary-sparc/wu-ftpd-academ_2.4.2.16-13.1_sparc.deb

Debian 2.2 (potato):

Source:
http://security.debian.org/dists/potato/updates/main/source/wu-ftpd_2.6.0-5.1.diff.gz
http://security.debian.org/dists/potato/updates/main/source/wu-ftpd_2.6.0-5.1.dsc
http://security.debian.org/dists/potato/updates/main/source/wu-ftpd_2.6.0.orig.tar.gz
alpha:
http://security.debian.org/dists/potato/updates/main/binary-alpha/wu-ftpd_2.6.0-5.1_alpha.deb
arm:
http://security.debian.org/dists/potato/updates/main/binary-arm/wu-ftpd_2.6.0-5.1_arm.deb
i386:
http://security.debian.org/dists/potato/updates/main/binary-i386/wu-ftpd_2.6.0-5.1_i386.deb
m68k:
http://security.debian.org/dists/potato/updates/main/binary-m68k/wu-ftpd_2.6.0-5.1_m68k.deb
powerpc:
http://security.debian.org/dists/potato/updates/main/binary-powerpc/wu-ftpd_2.6.0-5.1_powerpc.deb
sparc:
http://security.debian.org/dists/potato/updates/main/binary-sparc/wu-ftpd_2.6.0-5.1_sparc.deb