Multiple ftpd libc Function Calls Signal Handling Privilege Escalation

2004-07-14T00:00:00
ID OSVDB:9737
Type osvdb
Reporter Przemyslaw Frasunek(venglin@freebsd.lublin.pl)
Modified 2004-07-14T00:00:00

Description

Vulnerability Description

Multiple ftpd contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered due to improper signal handler operations. By sending a SIGURG signal over a TCP stream (OOB message) during libc function calls, a remote attacker could gain access to unauthorized privileges, resulting in a loss of integrity.

Solution Description

Contact your vendor for an appropriate upgrade. An upgrade is required as there are no known workarounds.

Short Description

Multiple ftpd contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered due to improper signal handler operations. By sending a SIGURG signal over a TCP stream (OOB message) during libc function calls, a remote attacker could gain access to unauthorized privileges, resulting in a loss of integrity.

References:

Vendor URL: http://freshmeat.net/projects/tnftpd Vendor URL: http://www.pdc.kth.se/heimdal/ Security Tracker: 1010968 Secunia Advisory ID:12226 Secunia Advisory ID:12562 Secunia Advisory ID:12614 Related OSVDB ID: 8993 Related OSVDB ID: 9738 Other Advisory URL: http://security.gentoo.org/glsa/glsa-200409-19.xml Other Advisory URL: http://www.debian.org/security/2004/dsa-551 Other Advisory URL: ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2004-009.txt.asc Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-08/0355.html Keyword: ISS X-Force ID: 17020 CVE-2004-0794 Bugtraq ID: 10967