From: iwac@sta.att.ne.jp
Date: Mon, 10 Jul 2000 12:45:00 +0900 (JST)
Message-Id: <200007100345.MAA15594@www2.att.ne.jp>
To: doc-jp@jp.freebsd.org
Content-Type: text/plain; charset="iso-2022-jp"
Reply-To: iwac@sta.att.ne.jp
Subject: [doc-jp 7514] Re:  ANNOUNCE: FreeBSD Ports Security Advisory:FreeBSD-SA-00:29.wu-ftpd



  Hello, this is Iwakuni (岩國).

> > > The wu-ftpd port, versions 2.6.0 and below, contains a vulnerability
> > > which allows remote anonymous FTP users to execute arbitrary code as
> > > root on the local machine, by inserting string-formatting operators
> > > into command input, which are incorrectly parsed by the FTP server.

>  |The wu-ftpd port (versions 2.6.0 and earlier) has a security
>  |weakness that allows remote anonymous FTP users to execute
>  |arbitrary code with root privileges on the local machine.
>  |Code execution becomes possible by inserting, into command input,
>  |string-format operators (文字列形式の演算子) that the FTP server cannot parse correctly.

>  I don't know what "string-formatting operators" actually are,
>  so my translation of that part is a rough guess.
>  "匿名 FTP" (for "anonymous FTP") is a bit questionable, isn't it...

  In the SecurityFocus discussion it says:

    Wu-ftpd is vulnerable to a very serious remote attack
    in the SITE EXEC implementation.
    Because of user input going directly into a format string
    for a *printf function,

  I had the feeling that "operator" (演算子) was odd here,
  but what do you think?

  "anonymous FTP" is more natural (?) than "匿名" (tokumei), isn't it.
 
> > > Remote anonymous FTP users can cause arbitrary commands to be executed
> > > as root on the local machine.
> > 
> > Remote anonymous (匿名) FTP users can execute arbitrary commands
> > with root (ルート) privileges on the local machine.
> 
>  |Remote anonymous FTP users can execute arbitrary commands
>  |with root privileges on the local machine.

>  Around here, please standardize 「ポート」 and 「パッケージ」
>  to "port" and "package" respectively.
>  This is not documented yet, but as guidelines:
> 
>   o FreeBSD Ports Collection is treated as a proper noun.
>   o Distinguish 「パッケージ」 from FreeBSD's "package".
>     (The former is used when referring to package systems in general.)
>   o Singular/plural usage follows the English.

  Understood.

  By the way, is it OK to write "skeleton" in katakana (スケルトン)?
  I will post the revised version after I get home (around tonight).

岩國 知彦 <iwac@sta.att.ne.jp>
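
Added example (not part of the original message and not wu-ftpd's code): a minimal C sketch of what the quoted SecurityFocus text describes, command input used as the format string of a *printf function, next to the corrected call. The function names and the sample input are constructed for illustration; the input uses only `%%`, whose behaviour is defined, to show that the input is being interpreted rather than copied.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical reply builders for illustration; not taken from wu-ftpd. */

/* Weak pattern: the client-supplied argument is itself the format string,
 * so every '%' conversion inside it is interpreted by snprintf. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
int reply_weak(char *out, size_t n, const char *arg)
{
    return snprintf(out, n, arg);
}
#pragma GCC diagnostic pop

/* Corrected pattern: constant format string, input passed only as data. */
int reply_fixed(char *out, size_t n, const char *arg)
{
    return snprintf(out, n, "%s", arg);
}

/* Review/detection helper: returns 1 if the input contains a '%' that
 * starts a conversion other than the literal "%%", 0 otherwise. */
int has_conversion(const char *arg)
{
    for (const char *p = strchr(arg, '%'); p; p = strchr(p + 1, '%')) {
        if (p[1] == '%') { p++; continue; }   /* skip the "%%" pair */
        return 1;
    }
    return 0;
}

int main(void)
{
    /* Constructed input containing two literal percent characters. */
    const char *arg = "quota 100%% used";
    char a[64], b[64];

    reply_weak(a, sizeof a, arg);    /* "%%" collapses: input was parsed */
    reply_fixed(b, sizeof b, arg);   /* input copied byte for byte */
    printf("weak : %s\nfixed: %s\n", a, b);
    printf("other conversions present: %d\n", has_conversion(arg));
    return 0;
}
```

Compilers report the weak call with `-Wformat-security`; the pragmas silence that warning only for the deliberately weak function.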
