Bug#: 111573
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Wernfried Haas <amne@gentoo.org>

Attachments (Filename; Description; Type; Creator; Created; Size):
linux-ftpd-0.17+ssl-0.3-overflowpatch.diff; fixes BOF in reply() in ftpd.c ssl version - vsprintf to vsnprintf; patch; James Longstreet; 2005-11-05 15:16 0000; 532 bytes
linux-ftpd-0.17-ssl.patch; linux-ftpd-0.17-ssl.patch; patch; solar; 2005-11-06 06:55 0000; 35.60 KB

Description:   Opened: 2005-11-05 10:08 0000
http://seclists.org/lists/fulldisclosure/2005/Nov/0140.html describes a hole in
linux-ftpd-ssl. I don't know if the exploit works and I'm not even sure if it
even affects Gentoo, but there's 
*  net-ftp/ftpd
      Latest version available: 0.17-r1
      Description: The netkit FTP server with optional SSL support
in portage. I assume this could be the same ftpd the mail is about. If not -
sorry for the waste of time. ;-)

Reproducible: Always
Steps to Reproduce:

------- Comment #1 From Tavis Ormandy (RETIRED) 2005-11-05 11:05:32 0000 -------
Looks for real, the vsprintf in reply() looks like the target.

------- Comment #2 From James Longstreet 2005-11-05 15:16:43 0000 -------
Created an attachment (id=72248) [details]
fixes BOF in reply() in ftpd.c ssl version - vsprintf to vsnprintf

simple patch, apply after applying linux-ftpd-0.17+ssl-0.3.diff.
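
The fix discussed in comments #1 and #2 swaps an unbounded vsprintf for vsnprintf. As an added example (not the attached patch and not netkit ftpd's code), here is a bounded reply formatter in that style that also handles truncation; format_reply, REPLY_MAX and the return-value convention are assumptions made for illustration.

```c
/* Added example: bounded formatting for an FTP-style "NNN text\r\n" reply.
 * format_reply and REPLY_MAX are hypothetical names, not from ftpd.c. */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define REPLY_MAX 64   /* constructed small size so truncation is easy to see */

/* Unsafe pattern named in the bug:
 *     vsprintf(buf, fmt, ap);    writes however many bytes the arguments expand to
 * Bounded form: vsnprintf() never writes more than the size it is given.
 *
 * Returns 0 if the whole reply fit, 1 if it was truncated, -1 on error.
 * On 0 or 1, buf holds a NUL-terminated line that ends in CRLF. */
int format_reply(char *buf, size_t buflen, int code, const char *fmt, ...)
{
    va_list ap;
    int n, m, truncated = 0;
    size_t used, room;

    if (buf == NULL || buflen < 8)          /* need "NNN " + CRLF + NUL at least */
        return -1;

    n = snprintf(buf, buflen, "%d ", code);
    if (n < 0 || (size_t)n >= buflen - 2)   /* prefix alone does not fit */
        return -1;
    used = (size_t)n;
    room = buflen - used - 2;               /* keep 2 bytes back for CRLF */

    va_start(ap, fmt);
    m = vsnprintf(buf + used, room, fmt, ap);   /* size includes the NUL */
    va_end(ap);
    if (m < 0)
        return -1;

    if ((size_t)m >= room) {                /* output would not have fit */
        truncated = 1;
        used += room - 1;                   /* bytes actually stored */
    } else {
        used += (size_t)m;
    }
    memcpy(buf + used, "\r\n", 3);          /* CRLF plus terminating NUL */
    return truncated;
}
```

The return value of vsnprintf is the length the full output would have had, so comparing it with the size passed in is what detects truncation.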

------- Comment #3 From Thierry Carrez (RETIRED) 2005-11-06 02:46:43 0000 -------
No maintainer, security should patch it asap.

------- Comment #4 From Thierry Carrez (RETIRED) 2005-11-06 02:57:54 0000 -------
Downgrading as it needs some kind of power-user access (ftp user with write
access). Should still be patched though :)

------- Comment #5 From Daniel Black 2005-11-06 04:31:49 0000 -------
ftpd-0.17-r2 added with minimal testing 

------- Comment #6 From solar 2005-11-06 06:55:14 0000 -------
Created an attachment (id=72306) [details]
linux-ftpd-0.17-ssl.patch

The ssl patch in general is pretty messy and there are lots of assumptions made
with buffers. Lots of code in the addon patch was simply #if 0 .. #endif which
made up for a lot of its size. The patch is also in $FILESDIR and is also
compressed. (more slop) We need to move that out of there and onto the mirrors
with a proper name. Attached is a smaller untested patch which cleans up things
I did not care for/trust with the patch/pkg in question.

------- Comment #7 From Sune Kloppenborg Jeppesen 2005-11-06 08:02:31 0000 -------
Daniel, is -r2 ready to be marked stable? Otherwise please provide an updated
ebuild.

------- Comment #8 From Daniel Black 2005-11-09 13:37:46 0000 -------
ftpd-0.17-r3 ready thanks to Ned  

------- Comment #9 From Mark Loeser 2005-11-09 18:16:59 0000 -------
Stable on x86 

------- Comment #10 From Jason Wever (RETIRED) 2005-11-09 19:19:29 0000 -------
Keep on SPARCin'

------- Comment #11 From Jose Luis Rivero (yoswink) 2005-11-10 14:24:00 0000 -------
alpha stable. 

------- Comment #12 From Simon Stelling (RETIRED) 2005-11-11 07:44:17 0000 -------
amd64 stable

------- Comment #13 From Thierry Carrez (RETIRED) 2005-11-13 09:59:00 0000 -------
GLSA 200511-11
