Date: Wed, 12 Dec 2001 02:03:30 +0900 (JST)
Message-Id: <20011212.020330.48799856.rushani@bl.mmtr.or.jp>
To: doc-jp@jp.FreeBSD.org
From: Hideyuki KURASHINA <rushani@bl.mmtr.or.jp>
In-Reply-To: <20011212.010710.08321715.hrs@eos.ocn.ne.jp>
References: <200112041854.fB4IsI319200@freefall.freebsd.org>
	<20011212.010710.08321715.hrs@eos.ocn.ne.jp>
Organization: Nagaoka National College of Technology
Subject: [doc-jp 8553] Re: ANNOUNCE: FreeBSD Ports Security Advisory FreeBSD-SA-01:64.wu-ftpd

$BARIJ$G$9(B.

>>> On Wed, 12 Dec 2001 01:07:10 +0900 (JST), Hiroki Sato <hrs@eos.ocn.ne.jp> said:

> Sato at Tokyo University of Science here.
> 
>  This is 01:64.
[...]
> FreeBSD セキュリティ勧告 日本語版 [FreeBSD Security Advisory, Japanese Edition]
> =============================================================================
> FreeBSD-SA-01:64 (2001-12-04)
>  * wu-ftpd port contains remote root compromise
> =============================================================================
[...]
> I.   背景 - Background
> 
> wu-ftpd is a popular full-featured FTP server.
> 
> wu-ftpd は, 全機能を備えた人気のある FTP サーバです.
> [wu-ftpd is a popular FTP server equipped with all functions.]

Rather than asking what exactly 「全機能」 ("all functions") is supposed to mean, the wording 『すべて』 ("all") looks a little misleading, so how about something like 「機能満載な」 ("feature-packed") instead?


> II.  問題の詳細 - Problem Description
> 
> The wu-ftpd port, versions prior to wu-ftpd-2.6.1_7, contains a
> vulnerability which allows FTP users, both anonymous FTP users and
> those with valid accounts, to execute arbitrary code as root on
> the local machine.  This may be accomplished by inserting invalid
> globbing parameters which are incorrectly parsed by the FTP server
> into command input.
> 
> wu-ftpd port の wu-ftpd-2.6.1_7 以前のバージョンには,
> [Versions of the wu-ftpd port prior to wu-ftpd-2.6.1_7 contain,]

Since it comes up later, would it be better to write

「wu-ftpd の port の wu-ftpd-2.6.1_7 以前のバージョンには,」
          ^^

instead?


> The wu-ftpd port is not installed by default, nor is it "part of
> FreeBSD" as such: it is part of the FreeBSD ports collection, which
> contains over 6000 third-party applications in a ready-to-install
> format. The ports collection shipped with FreeBSD 4.4 contains this
> problem since it was discovered after the release.
[...]
> procmail の port はデフォルトでインストールされるものではなく,
> 「FreeBSD システムの一部」を構成するものでもありません.
> それらは 6000 を越えるサードパーティ製アプリケーションがすぐに
> インストールできる形で収められている FreeBSD Ports Collection の一部です.
> この問題は FreeBSD 4.4 のリリース後に発見・修正されたため, FreeBSD 4.4 には
> この問題によるセキュリティ上の弱点が含まれています.
> [The procmail port is not installed by default, nor does it form "part of
> the FreeBSD system". It is part of the FreeBSD Ports Collection, in which
> over 6000 third-party applications are kept in a ready-to-install form.
> Because this problem was discovered and fixed after the release of
> FreeBSD 4.4, FreeBSD 4.4 contains the security weakness caused by it.]

I'd say this should be

「wu-ftpd の port はデフォルトでインストールされるものではなく,」
  ^^^^^^^

----
Hideyuki KURASHINA              Strength of Materials laboratory,
rushani@bl.mmtr.or.jp           Department of Mechanical Engineering, 
m09010@st.nagaoka-ct.ac.jp      Nagaoka National College of Technology
