From owner-doc-jp@jp.freebsd.org  Mon Jul 10 00:25:15 2000
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id AAA33321;
	Mon, 10 Jul 2000 00:25:15 +0900 (JST)
	(envelope-from owner-doc-jp@jp.FreeBSD.org)
Received: from sta.att.ne.jp (sta.att.ne.jp [165.76.210.5])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with ESMTP id AAA33315
	for <doc-jp@jp.freebsd.org>; Mon, 10 Jul 2000 00:25:15 +0900 (JST)
	(envelope-from iwac@sta.att.ne.jp)
Received: from oceanblue.sidemenu.home (26.pool27.tokyo.att.ne.jp [165.76.232.41]) by sta.att.ne.jp (8.8.8+Spin/3.6W-CONS(07/23/99)) id AAA25085; Mon, 10 Jul 2000 00:25:12 +0900 (JST)
Message-Id: <200007091525.AAA25085@sta.att.ne.jp>
Date: Mon, 10 Jul 2000 00:25:58 +0900
From: "Iwakuni, Tomohiko" <iwac@sta.att.ne.jp>
To: doc-jp@jp.freebsd.org
In-Reply-To: <20000705230939.CF9F237BB66@hub.freebsd.org>
References: <20000705230939.CF9F237BB66@hub.freebsd.org>
X-Mailer: Sylpheed version 0.3.21 (GTK+ 1.2.8; Linux 2.2.5-22lv3; i686)
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=ISO-2022-JP
Reply-To: doc-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+000315
X-Sequence: doc-jp 7512
Subject: [doc-jp 7512] Re: ANNOUNCE: FreeBSD Ports Security Advisory: FreeBSD-SA-00:29.wu-ftpd
Errors-To: owner-doc-jp@jp.freebsd.org
Sender: owner-doc-jp@jp.freebsd.org
X-Originator: iwac@sta.att.ne.jp


Good evening, this is Iwakuni.

I have translated it. I would appreciate your review.

 This mail is a Japanese translation of the following message, which was sent to announce-jp:

  Subject: ANNOUNCE: FreeBSD Ports Security Advisory: FreeBSD-SA-00:29.wu-ftpd
  From: FreeBSD Security Advisories <security-advisories@freebsd.org>
  Message-Id: <20000705230939.CF9F237BB66@hub.freebsd.org>
  Date: Wed,  5 Jul 2000 16:09:39 -0700 (PDT)
  X-Sequence: announce-jp 469

 The original is PGP-signed, but this Japanese translation is not.
 To run a PGP check to verify that the contents of patches and the like have
 not been tampered with, please refer to the original.

 The Japanese translation is provided for reference by the FreeBSD Japanese
 Documentation Project (doc-jp); doc-jp makes no guarantee whatsoever about its
 contents. Please direct inquiries about the Japanese translation to
 doc-jp@jp.FreeBSD.org.

--(translation begins here)
=============================================================================
FreeBSD-SA-00:29                                           Security Advisory
                                                                FreeBSD, Inc.

Topic:          wu-ftpd port contains remote root compromise

Category:       ports
Module:         wu-ftpd
Announced:      2000-07-05
Credits:        tf8 <tf8@ZOLO.FREELSD.NET>
Affects:        Ports collection.
Corrected:      2000-06-24
Vendor status:  Vendor notified of the problem
FreeBSD only:   NO

I.   $BGX7J(B - Background

 wu-ftpd is a popular FTP server.

 wu-ftpd$B$O?M5$$N$"$k(BFTP$B%5!<%P$G$9(B.
 
I.  $BLdBj$N>\:Y(B - Problem Description

> The wu-ftpd port, versions 2.6.0 and below, contains a vulnerability
> which allows remote anonymous FTP users to execute arbitrary code as
> root on the local machine, by inserting string-formatting operators
> into command input, which are incorrectly parsed by the FTP server.

wu-ftpd$B$N(Bport($B%P!<%8%g%s(B2.6.0$B$*$h$S$=$l0J2<(B)$B$O%;%-%e%j%F%#>e$N<eE@(B
$B$,$"$j$^$9(B.$BJ8;zNs7A<0$N%*%Z%l!<%?$r%3%^%s%IF~NO$KA^F~$9$k;v$K$h$C$F(B
,FTP$B%5!<%P$O4V0c$C$?%Q!<%9$r$7$^$9(B.$B$=$N$3$H$K$h$j(B,$B%j%b!<%H$NF?L>(BFTP
$B%f!<%6$O(B,$B%k!<%H8"8B$H$7$F$=$N%m!<%+%k%^%7%s>e$GG$0U$N%3!<%I$,<B9T$G(B
$B$-$k$h$&$K$J$j$^$9(B.
 
> The wu-ftpd port is not installed by default, nor is it "part of
> FreeBSD" as such: it is part of the FreeBSD ports collection, which
> contains over 3400 third-party applications in a ready-to-install
> format. The ports collections shipped with FreeBSD 3.5 and 4.0 contains
> this problem since it was discovered after the release.

wu-ftpd$B$N(Bport$B$O%G%U%)%k%H$G%$%s%9%H!<%k$5$l$^$;$s(B,$B$^$?$=$l$O(BFreeBSD
$B$N0lIt$r9=@.$9$k$b$N$G$b$"$j$^$;$s(B.$B$=$l$O(B,3400$B$r1[$($k%5!<%I%Q!<%F%#(B
$B@=%"%W%j%1!<%7%g%s$,$9$0$K%$%s%9%H!<%k$G$-$k7A$G<}$a$i$l$F$$$k(B
FreeBSD ports collection$B$N0lIt$G$9(B.$B$3$NLdBj$,H/3P$7$?$N$,%j%j!<%9$h$j(B
$B8e$J$N$G(B,FreeBSD 3.5$B$H(B4.0$B$K<}$a$i$l$F$$$k(Bports collection$B$O$3$NLdBj$r(B
$B4^$s$G$$$^$9(B.
 
> FreeBSD makes no claim about the security of these third-party
> applications, although an effort is underway to provide a security
> audit of the most security-critical ports.

FreeBSD $B$G$O(B, $B$3$N$h$&$J%5!<%I%Q!<%F%#@=%"%W%j%1!<%7%g%s$N%;%-%e%j%F%#(B
$BLdBj$KBP$7$F(B, $BFC$K2?$+$r<gD%$9$k$3$H$O$"$j$^$;$s(B($BLuCm(B: Ports Collection
$B$KF~$C$F$$$k$+$i$H$$$C$F(B, FreeBSD $B$N3+H/<T$?$A$,$=$N%"%W%j%1!<%7%g%s$,(B
$B0BA4$G$"$k$HI>2A$7$?$o$1$G$O$"$j$^$;$s(B). $B$?$@$7(B, $B%;%-%e%j%F%#LdBj$K(B
$BBP$7$FBg$-$J1F6A$r;}$D$h$&$J(B ports $B$KBP$9$k%;%-%e%j%F%#4F::$rDs6!$9$Y$/(B,
$B8=:_EXNOCf$G$9(B. 


III. $B1F6AHO0O(B - Impact

> Remote anonymous FTP users can cause arbitrary commands to be executed
> as root on the local machine.

Remote anonymous FTP users can execute arbitrary commands as root on the
local machine.

> If you have not chosen to install the wu-ftpd port/package, then
> your system is not vulnerable to this problem.

$B$b$7(B wu-ftpd$B$N(Bport/package$B$r%$%s%9%H!<%k$7$F$$$J$1$l$P(B,$B$3$NLdBj$K4X$9$k(B
$B%;%-%e%j%F%#>e$N<eE@$OB8:_$7$^$;$s(B.

IV.  $BBP1~:v(B - Workaround

> Deinstall the wu-ftpd port/package, if you have installed it.

wu-ftpd $B$N(B port/package$B$,%$%s%9%H!<%k$5$l$F$$$k>l9g$K$O(B,$B$=$l$r:o=|$7$^$9(B.

V.   $B=$@5=hCV(B - Solution

Do one of the following:
 
> 1) Upgrade your entire ports collection and rebuild the wu-ftpd port.

1) Upgrade the entire ports collection and rebuild the wu-ftpd port.

> 2) Deinstall the old package and install a new package dated after the
> correction date, obtained from:

2) Remove the old package and install a new package built after the
correction date. The new package can be obtained from the following sites:
 
 ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/ftp/wu-ftpd-2.6.0.tar.gz
 ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/ftp/wu-ftpd-2.6.0.tar.gz
 ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/ftp/wu-ftpd-2.6.0.tar.gz
 ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/ftp/wu-ftpd-2.6.0.tar.gz
 ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/ftp/wu-ftpd-2.6.0.tar.gz

> NOTE: It may be several days before updated packages are available. Be
> sure to check the file creation date on the package, because the
> version number of the software has not changed.

Note: It may take several days before updated packages become available.
Because the version number of the software has not changed, pay attention
to the creation date of the package file.

> 3) download a new port skeleton for the wu-ftpd port from:

3) Download a new port skeleton for the wu-ftpd port from the following
site:

 http://www.freebsd.org/ports/
 
> and use it to rebuild the port.

Then rebuild the port using that skeleton.
 
> 4) Use the portcheckout utility to automate option (3) above. The
> portcheckout port is available in /usr/ports/devel/portcheckout or the
> package can be obtained from:

4) Use the portcheckout utility, which performs 3) above automatically.
The portcheckout port can be obtained from /usr/ports/devel/portcheckout,
or the package can be obtained from the following site:

ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz


---
_/ $B4dT"!!CNI'(B<iwakuni@sidemenu.org> _/
