From owner-doc-jp@jp.freebsd.org  Sat Jul 15 13:10:50 2000
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id NAA52168;
	Sat, 15 Jul 2000 13:10:50 +0900 (JST)
	(envelope-from owner-doc-jp@jp.FreeBSD.org)
Received: from sta.att.ne.jp (sta.att.ne.jp [165.76.210.5])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with ESMTP id NAA52161
	for <doc-jp@jp.freebsd.org>; Sat, 15 Jul 2000 13:10:49 +0900 (JST)
	(envelope-from iwac@sta.att.ne.jp)
Received: from oceanblue.sidemenu.home (230.pool27.tokyo.att.ne.jp [165.76.232.245]) by sta.att.ne.jp (8.8.8+Spin/3.6W-CONS(07/23/99)) id NAA16799; Sat, 15 Jul 2000 13:10:47 +0900 (JST)
Message-Id: <200007150410.NAA16799@sta.att.ne.jp>
Date: Sat, 15 Jul 2000 13:11:38 +0900
From: "Iwakuni, Tomohiko" <iwac@sta.att.ne.jp>
To: doc-jp@jp.freebsd.org
In-Reply-To: <20000711225124.6624.qmail@smtp.246.ne.jp>
References: <200007101254.VAA02591@sta.att.ne.jp>
	<Pine.BSF.4.21.0007110117360.91189-100000@freefall.freebsd.org>
	<200007110845.e6B8jLR03063@koga.do.mms.mt.nec.co.jp>
	<20000711225124.6624.qmail@smtp.246.ne.jp>
X-Mailer: Sylpheed version 0.3.21 (GTK+ 1.2.8; Linux 2.2.5-22lv3; i686)
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=ISO-2022-JP
Reply-To: doc-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+000315
X-Sequence: doc-jp 7564
Subject: [doc-jp 7564] Re: ANNOUNCE: FreeBSD Ports Security Advisory: FreeBSD-SA-00:29.wu-ftpd
Errors-To: owner-doc-jp@jp.freebsd.org
Sender: owner-doc-jp@jp.freebsd.org
X-Originator: iwac@sta.att.ne.jp


 This is Iwakuni.

 Changed parts (the items that were reviewed have already been corrected)

>  Vendor status: "notified" → "acknowledged"

>  The wu-ftpd port, versions 2.6.0 and below, contains a vulnerability
> +which allows FTP users, both anonymous FTP users and those with a
> +valid account, to execute arbitrary code as root on the local machine,
> +by inserting string-formatting operators into command input, which are
> +incorrectly parsed by the FTP server.
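Review bot: only the context line and the `+` lines of this hunk are quoted; the `-` lines are missing, so a reader cannot see which wording "both anonymous FTP users and those with a valid account" replaced. Quote the removed lines as well, as the Impact hunk further down does.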

wu-ftpd $B$N(B port ($B%P!<%8%g%s(B 2.6.0 $B$*$h$S$=$l0JA0$N$b$N(B) $B$K$O(B, $B%j%b!<%H$N(B
 FTP $B%f!<%6(B (anonymous FTP $B%f!<%6(B, $B$*$h$S%m%0%$%s2DG=$J%f!<%6(B)$B$,%m!<%+%k(B
$B%^%7%s>e$N(B root $B8"8B$GG$0U$N%3!<%I$r<B9T$G$-$k$H$$$&%;%-%e%j%F%#>e$N<eE@(B
$B$,$"$j$^$9(B. $B%3!<%I$N<B9T$O(B, $B%3%^%s%IF~NO$K(B FTP $B%5!<%P$,@5$7$/2r@O$G$-$J(B
$B$$$h$&$J=q<0J8;zNs$rF~$l$k$3$H$G2DG=$H$J$j$^$9(B.
 
>  III. Impact
  
> -Remote anonymous FTP users can cause arbitrary commands to be executed
> -as root on the local machine.
> +FTP users, including anonymous FTP users, can cause arbitrary commands
> +to be executed as root on the local machine.
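Review bot: the new Impact wording now agrees with the Problem Description that all FTP users are affected, but it still says "arbitrary commands" where the Problem Description says "arbitrary code"; the two sections should use the same term so the translation does not have to carry the inconsistency.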

FTP $B%f!<%6(B( anonymous FTP $B%f!<%6$b4^$`(B)$B$,%m!<%+%k%^%7%s>e$N(B root $B8"8B$G(B
$BG$0U$N%3%^%s%I$r<B9T$9$k$3$H$,2DG=$G$9(B.


> +VI.   Revision History

> +v1.0  2000-07-05  Initial release
> +v1.1  2000-07-11  Clarify that vulnerability affects all FTP users, not
> +                  just anonymous FTP. Correct URL of package. Update
> +                  size of ports collection.

VI.   Revision History

v1.0  2000-07-05  Initial release
v1.1  2000-07-11  Clarified that this security weakness affects all FTP
                  users, not just anonymous FTP users. Changed the package
                  URL to the correct one. Updated the number of ports in
                  the Ports Collection.

The revised version follows.

 The original, as posted to announce-jp:

  Subject: ANNOUNCE: FreeBSD Ports Security Advisory: FreeBSD-SA-00:29.wu-ftpd [REVISED]
  From: FreeBSD Security Advisories <security-advisories@freebsd.org>
  Message-Id: <20000711220526.8BC5137C225@hub.freebsd.org>
  Date: Tue, 11 Jul 2000 15:05:26 -0700 (PDT)
$B!!(BX-Sequence: announce-jp 476

 This mail is a Japanese translation of that message.

 The original is PGP-signed, but this Japanese translation is not. To
 verify with PGP that the contents (patches and so on) have not been
 tampered with, please refer to the original.

 The Japanese translation is provided for reference by the FreeBSD Japanese
 Documentation Project (doc-jp); doc-jp makes no guarantee whatsoever about
 its contents. Please direct questions about the Japanese translation to
 doc-jp@jp.FreeBSD.org.

--(from here)
=============================================================================
FreeBSD-SA-00:29                                           Security Advisory
                                                                FreeBSD, Inc.

Topic:          wu-ftpd port contains remote root compromise [REVISED]

Category:       ports
Module:         wu-ftpd
Announced:      2000-07-05
Revised:        2000-07-11
Credits:        tf8 <tf8@ZOLO.FREELSD.NET>
Affects:        Ports Collection
Corrected:      2000-06-24
Vendor status:  Acknowledged
FreeBSD only:   NO

I.   $BGX7J(B - Background

wu-ftpd $B$O?M5$$N$"$k(B FTP $B%5!<%P%W%m%0%i%`$G$9(B.
 
I.  $BLdBj$N>\:Y(B - Problem Description

wu-ftpd $B$N(B port ($B%P!<%8%g%s(B 2.6.0 $B$*$h$S$=$l0JA0$N$b$N(B) $B$K$O(B, $B%j%b!<%H$N(B
FTP $B%f!<%6(B (anonymous FTP $B%f!<%6(B, $B$*$h$S%m%0%$%s2DG=$J%f!<%6(B)$B$,%m!<%+%k(B
$B%^%7%s>e$N(B root $B8"8B$GG$0U$N%3!<%I$r<B9T$G$-$k$H$$$&%;%-%e%j%F%#>e$N<eE@(B
$B$,$"$j$^$9(B. $B%3!<%I$N<B9T$O(B, $B%3%^%s%IF~NO$K(B FTP $B%5!<%P$,@5$7$/2r@O$G$-$J(B
$B$$$h$&$J=q<0;XDjJ8;zNs$rF~$l$k$3$H$G2DG=$H$J$j$^$9(B.

 
wu-ftpd $B$N(B port $B$O%G%U%)%k%H$G%$%s%9%H!<%k$5$l$^$;$s(B.  $B$^$?$=$l$O(BFreeBSD
$B$N0lIt$r9=@.$9$k$b$N$G$b$"$j$^$;$s(B.  $B$=$l$O(B, 3500 $B$r1[$($k%5!<%I(B $B%Q!<(B
$B%F%#@=%"%W%j%1!<%7%g%s$,$9$0$K%$%s%9%H!<%k$G$-$k7A$G<}$a$i$l$F$$$k(B
FreeBSD Ports Collection $B$N0lIt$G$9(B.  $B$3$NLdBj$,H/3P$7$?$N$,%j%j!<%9$h$j(B
$B8e$J$N$G(B, FreeBSD 3.5 $B$H(B 4.0 $B$K<}$a$i$l$F$$$k(B Ports Collection $B$O$3$NLd(B
$BBj$r4^$s$G$$$^$9(B.
 
FreeBSD $B$G$O(B, $B$3$N$h$&$J%5!<%I%Q!<%F%#@=%"%W%j%1!<%7%g%s$N%;%-%e%j%F%#Ld(B
$BBj$KBP$7$F(B, $BFC$K2?$+$r<gD%$9$k$3$H$O$"$j$^$;$s(B($BLuCm(B: Ports Collection $B$K(B
$BF~$C$F$$$k$+$i$H$$$C$F(B, FreeBSD $B$N3+H/<T$?$A$,$=$N%"%W%j%1!<%7%g%s$,0BA4(B
$B$G$"$k$HI>2A$7$?$o$1$G$O$"$j$^$;$s(B). $B$?$@$7(B, $B%;%-%e%j%F%#LdBj$KBP$7$FBg(B
$B$-$J1F6A$r;}$D$h$&$J(B ports $B$KBP$9$k%;%-%e%j%F%#4F::$rDs6!$9$Y$/(B,$B8=:_EXNO(B
$BCf$G$9(B. 
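The bug class described above, as an added illustration that is not code from wu-ftpd or from the advisory: a reply routine that uses client-supplied command text as the printf format lets the client's conversion directives drive the parser, while a routine with a fixed "%s" format copies the text untouched. The function names, the reply text and the sample command are made up for this example.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define REPLY_MAX 128

/* Vulnerable pattern (modelled on the bug class, not on wu-ftpd's source):
 * the caller's string becomes the format, so "%x", "%s" or "%n" inside
 * client text are interpreted. Never call this with untrusted input. */
static int reply_unsafe(char *out, size_t n, const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(out, n, fmt, ap);   /* fmt came from the client */
    va_end(ap);
    return r;
}

/* Hardened pattern: the format is a literal; client text is only ever a
 * %s argument, so its '%' characters are copied, not parsed. */
static int reply_safe(char *out, size_t n, const char *client_text) {
    return snprintf(out, n, "500 '%s': command not understood.\r\n",
                    client_text);
}

/* Input check a server (or a detection rule) can apply to command text:
 * returns 1 if any printf conversion directive is present. "%%" is a
 * literal percent and is skipped; a dangling '%' counts as a directive. */
static int has_format_directive(const char *s) {
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        return 1;
    }
    return 0;
}

/* Returns 1 if the hardened reply reproduces the client text verbatim. */
static int safe_reply_keeps_literal(const char *client_text) {
    char out[REPLY_MAX];
    reply_safe(out, sizeof out, client_text);
    return strstr(out, client_text) != NULL;
}

int main(void) {
    const char *cmd = "SITE EXEC %x%x%n";       /* constructed sample input */
    char out[REPLY_MAX];
    reply_safe(out, sizeof out, cmd);
    printf("directive present: %d\n%s", has_format_directive(cmd), out);
    (void)reply_unsafe;                         /* shown, never exercised */
    return 0;
}
```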

III. Impact

FTP users (including anonymous FTP users) can execute arbitrary commands
with root privileges on the local machine.

If you have not installed the wu-ftpd port/package, the security weakness
related to this problem does not exist on your system.

IV.  Workaround

If the wu-ftpd port/package is installed, remove it.

V.   Solution

Do one of the following:

1) Upgrade the entire ports collection and rebuild the wu-ftpd port.

2) Remove the old package and install a new package built after the
correction date. The new package can be obtained from the following
sites:
 
 ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/ftp/wu-ftpd-2.6.0.tgz
 ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/ftp/wu-ftpd-2.6.0.tgz
 ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/ftp/wu-ftpd-2.6.0.tgz
 ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/ftp/wu-ftpd-2.6.0.tgz
 ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/ftp/wu-ftpd-2.6.0.tgz
  
Note: it may take several days before updated packages become available.
Because the version number of the software has not changed, pay attention
to the creation date of the package file.

3) Download a new port skeleton for the wu-ftpd port from the following
site:

 http://www.freebsd.org/ports/

Then rebuild the port using that skeleton.
 
4) Use the portcheckout utility, which performs step 3) above
automatically. The portcheckout port is available from
/usr/ports/devel/portcheckout. Alternatively, the package can be obtained
from the following site:

ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz

VI.   Revision History

v1.0  2000-07-05  Initial release
v1.1  2000-07-11  Clarified that this security weakness affects all FTP
                  users, not just anonymous FTP users. Changed the package
                  URL to the correct one. Updated the number of ports in
                  the Ports Collection.


