wu-ftpd -- several vulnerabilities

2004-03-08T00:00:00
ID DSA-457
Type debian
Reporter Debian
Modified 2004-03-08T00:00:00

Description

Two vulnerabilities were discovered in wu-ftpd:

Glenn Stewart discovered that users could bypass the directory access restrictions imposed by the restricted-gid option by changing the permissions on their home directory. On a subsequent login, when access to the user's home directory was denied, wu-ftpd would fall back to the root directory.

A buffer overflow existed in wu-ftpd's code which deals with S/key authentication.

For the stable distribution (woody) these problems have been fixed in version 2.6.2-3woody4.

For the unstable distribution (sid) these problems have been fixed in version 2.6.2-17.1.

We recommend that you update your wu-ftpd package.