Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Security Update: [CSSA-2003.003.0] Linux: wget directory traversal and buffer overrun vulnerabilities

From: security () caldera com
Date: Thu, 16 Jan 2003 13:38:47 -0800
To: bugtraq () securityfocus com announce () lists caldera com security-alerts () linuxsecurity com 
full-disclosure@lists.netsys

______________________________________________________________________________

                        SCO Security Advisory

Subject:                Linux: wget directory traversal and buffer overrun vulnerabilities
Advisory number:        CSSA-2003-003.0
Issue date:             2003 January 16
Cross reference:
______________________________________________________________________________


1. Problem Description

        Stefano Zacchiroli found a buffer overrun in the url_filename
        function, which would make wget segfault on very long urls.

        Steven M. Christey discovered that wget did not verify the FTP
        server response to a NLST command: it must not contain any
        directory information, since that can be used to make a FTP
        client overwrite arbitrary files.


2. Vulnerable Supported Versions

        System                          Package
        ----------------------------------------------------------------------

        OpenLinux 3.1.1 Server          prior to wget-1.7.1-3.i386.rpm

        OpenLinux 3.1.1 Workstation     prior to wget-1.7.1-3.i386.rpm

        OpenLinux 3.1 Server            prior to wget-1.7.1-3.i386.rpm

        OpenLinux 3.1 Workstation       prior to wget-1.7.1-3.i386.rpm


3. Solution

        The proper solution is to install the latest packages. Many
        customers find it easier to use the Caldera System Updater, called
        cupdate (or kcupdate under the KDE environment), to update these
        packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

        4.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-003.0/RPMS

        4.2 Packages

        0adc5e5568cc589b9ab90ebb0e181e65        wget-1.7.1-3.i386.rpm

        4.3 Installation

        rpm -Fvh wget-1.7.1-3.i386.rpm

        4.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-003.0/SRPMS

        4.5 Source Packages

        b443ec3aa56abaa8236a88bffebba036        wget-1.7.1-3.src.rpm


5. OpenLinux 3.1.1 Workstation

        5.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-003.0/RPMS

        5.2 Packages

        d5ef7e346ec79bead0cba20189904a11        wget-1.7.1-3.i386.rpm

        5.3 Installation

        rpm -Fvh wget-1.7.1-3.i386.rpm

        5.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-003.0/SRPMS

        5.5 Source Packages

        02c04170cbdef2de1b1f2c1a478681f7        wget-1.7.1-3.src.rpm


6. OpenLinux 3.1 Server

        6.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-003.0/RPMS

        6.2 Packages

        7c2901898d0cc4d0bbb6132d82fefd0e        wget-1.7.1-3.i386.rpm

        6.3 Installation

        rpm -Fvh wget-1.7.1-3.i386.rpm

        6.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-003.0/SRPMS

        6.5 Source Packages

        b19f59dedcd9b2382a41c8af3cf056d0        wget-1.7.1-3.src.rpm


7. OpenLinux 3.1 Workstation

        7.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-003.0/RPMS

        7.2 Packages

        fbba3488352d9617a0b3b6507633c312        wget-1.7.1-3.i386.rpm

        7.3 Installation

        rpm -Fvh wget-1.7.1-3.i386.rpm

        7.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-003.0/SRPMS

        7.5 Source Packages

        7a30085d938ad07bde1f67267910a71d        wget-1.7.1-3.src.rpm


8. References

        Specific references for this advisory:

                http://marc.theaimsgroup.com/?l=bugtraq&m=103962838628940&w=2
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1344
                http://www.kb.cert.org/vuls/id/210148

        SCO security resources:

                http://www.sco.com/support/security/index.html

        This security fix closes SCO incidents sr872622, fz526854,
        erg712181.


9. Disclaimer

        SCO is not responsible for the misuse of any of the information
        we provide on this website and/or through our security
        advisories. Our advisories are a service to our customers intended
        to promote secure installation and use of SCO products.


10. Acknowledgements

        Stefano Zacchiroli and Steve Christey (coley () mitre org)
        discovered and researched these vulnerabilities.

______________________________________________________________________________

Attachment: _bin
Description:

Previous By Date Next
Previous By Thread Next

Current thread: