Lucene search
This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2004-096.NASLHistoryJul 06, 2004 - 12:00 a.m.
RHEL 2.1 : wu-ftpd (RHSA-2004:096)
2004-07-0600:00:00
This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14
An updated wu-ftpd package that fixes two security issues is now available.
The wu-ftpd package contains the Washington University FTP (File Transfer Protocol) server daemon. FTP is a method of transferring files between machines.
Glenn Stewart discovered a flaw in wu-ftpd. When configured with ‘restricted-gid home’, an authorized user could use this flaw to circumvent the configured home directory restriction by using chmod.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0148 to this issue.
Michael Hendrickx found a flaw in the S/Key login handling. On servers using S/Key authentication, a remote attacker could overflow a buffer and potentially execute arbitrary code.
Users of wu-ftpd are advised to upgrade to this updated package, which contains backported security patches and is not vulnerable to these issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2004:096. The text
# itself is copyright (C) Red Hat, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(12475);
script_version("1.28");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2003-1329", "CVE-2004-0148", "CVE-2004-0185");
script_xref(name:"RHSA", value:"2004:096");
script_name(english:"RHEL 2.1 : wu-ftpd (RHSA-2004:096)");
script_summary(english:"Checks the rpm output for the updated package");
script_set_attribute(
attribute:"synopsis",
value:"The remote Red Hat host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"An updated wu-ftpd package that fixes two security issues is now
available.
The wu-ftpd package contains the Washington University FTP (File
Transfer Protocol) server daemon. FTP is a method of transferring
files between machines.
Glenn Stewart discovered a flaw in wu-ftpd. When configured with
'restricted-gid home', an authorized user could use this flaw to
circumvent the configured home directory restriction by using chmod.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2004-0148 to this issue.
Michael Hendrickx found a flaw in the S/Key login handling. On servers
using S/Key authentication, a remote attacker could overflow a buffer
and potentially execute arbitrary code.
Users of wu-ftpd are advised to upgrade to this updated package, which
contains backported security patches and is not vulnerable to these
issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2003-1329"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2004-0148"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2004-0185"
);
script_set_attribute(
attribute:"see_also",
value:"http://www.securiteam.com/unixfocus/6X00Q1P8KC.html"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/errata/RHSA-2004:096"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected wu-ftpd package."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:wu-ftpd");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");
script_set_attribute(attribute:"vuln_publication_date", value:"2003/12/31");
script_set_attribute(attribute:"patch_publication_date", value:"2004/03/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/06");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Red Hat Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
if (cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i386", cpu);
yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
rhsa = "RHSA-2004:096";
yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
if (!empty_or_null(yum_report))
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : yum_report
);
exit(0);
}
else
{
audit_message = "affected by Red Hat security advisory " + rhsa;
audit(AUDIT_OS_NOT, audit_message);
}
}
else
{
flag = 0;
if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"wu-ftpd-2.6.1-22")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get() + redhat_report_package_caveat()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "wu-ftpd");
}
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| redhat | enterprise_linux | wu-ftpd | p-cpe:/a:redhat:enterprise_linux:wu-ftpd |
| redhat | enterprise_linux | 2.1 | cpe:/o:redhat:enterprise_linux:2.1 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1329
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0148
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0185
www.securiteam.com/unixfocus/6X00Q1P8KC.html
access.redhat.com/errata/RHSA-2004:096
access.redhat.com/security/cve/cve-2003-1329
access.redhat.com/security/cve/cve-2004-0148
access.redhat.com/security/cve/cve-2004-0185
Related
redhat
redhat
(RHSA-2004:096) wu-ftpd security update
2004-03-08 00:00:00
securityvulns
securityvulns
osv
osv
wu-ftpd - several vulnerabilities
2004-03-08 00:00:00
debian
debian
[SECURITY] [DSA 457-1] New wu-ftpd packages fix multiple vulnerabilities
2004-03-09 06:29:26
openvas
openvas
Debian: Security Advisory (DSA-457)
2008-01-17 00:00:00
Debian Security Advisory DSA 457-1 (wu-ftpd)
2008-01-17 00:00:00
FreeBSD Ports: wu-ftpd
2008-09-04 00:00:00
nessus
nessus
Debian DSA-457-1 : wu-ftpd - several vulnerabilities
2004-09-29 00:00:00
HP-UX PHNE_31732 : HP-UX Running wu-ftpd Local Unauthorized Access (HPSBUX01059 SSRT4704 rev.4)
2007-09-25 00:00:00
WU-FTPD restricted-gid Directory Access Restriction Bypass
2004-03-14 00:00:00
cve
cve
ubuntucve
ubuntucve
CVE-2004-0148
2004-04-15 00:00:00
CVE-2004-0185
2004-03-15 00:00:00
freebsd
freebsd
Related for REDHAT-RHSA-2004-096.NASL