Subject: Re: [thomas@suse.de: SuSE Security Announcement: lukemftp, nkitb,
To: Jan Schaumann <jschauma@netbsd.org>
From: Brian A. Seklecki <lavalamp@spiritual-machines.org>
List: tech-security
Date: 05/16/2002 12:37:06

SuSE is only about....21 days late on this one....

I think I saw this fixed a long time ago:

Pullup to *1-5:

Module Name:    basesrc
Committed By:   he
Date:           Fri Apr 26 13:20:56 UTC 2002

Modified Files:
        basesrc/usr.bin/ftp [netbsd-1-5]: ftp.c

Log Message:
Pull up revision 1.118 (requested by itojun):
  Avoid buffer overrun on PASV response from a malicious server.


---------

Patch to current:

Module Name:    basesrc
Committed By:   itojun
Date:           Thu Apr 25 10:55:44 UTC 2002

Modified Files:
        basesrc/usr.bin/ftp: ftp.c

Log Message:
avoid buffer overrun on PASV from malicious server.
http://online.securityfocus.com/archive/1/269356/2002-04-22/2002-04-28/0

----------

-lava


On Thu, 16 May 2002 @ 12:23pm (-0400), Jan Schaumann wrote:

JS> All,
JS>
JS> Are we affected by the (snipped) security advisory below?  The posting
JS> to bugtraq did not contain a proof of concept or some such.
JS>
JS> -Jan
JS>
JS>
JS>
JS> ----- Forwarded message from Thomas Biege <thomas@suse.de> -----
JS>
JS> > Date: Thu, 16 May 2002 14:05:46 +0200 (CEST)
JS> > From: Thomas Biege <thomas@suse.de>
JS> > To: <bugtraq@securityfocus.com>
JS> > Subject: SuSE Security Announcement: lukemftp, nkitb, nkitserv (SuSE-SA:2002:018)
JS> >
JS> > -----BEGIN PGP SIGNED MESSAGE-----
JS> >
JS> > ______________________________________________________________________________
JS> >
JS> >                         SuSE Security Announcement
JS> >
JS> >         Package:                lukemftp, nkitb, nkitserv
JS> >         Announcement-ID:        SuSE-SA:2002:018
JS> >         Date:                   Wednesday, May 15th 2002 12:30 MEST
JS>
JS> >         Vulnerability Type:     remote command execution
JS> >         Severity (1-10):        3
JS> >         SuSE default package:   yes
JS> >         Other affected systems: all systems using lukemftp
JS>
JS> > ______________________________________________________________________________
JS> >
JS> > 1)  problem description, brief discussion, solution, upgrade information
JS> >
JS> >     Lukemftp (ftp(1), /usr/bin/ftp, /usr/bin/pftp) is a comfortable ftp
JS> >     client from NetBSD.
JS> >     A buffer overflow could be triggered by a malicious ftp server while the
JS> >     client parses the PASV ftp command. An attacker who controls an ftp server
JS> >     to which a client using lukemftp is connected can gain remote access to
JS> >     the client's machine with the privileges of the user running lukemftp.
JS>
JS> > Bye,
JS> >      Thomas
JS> > --
JS> >   Thomas Biege <thomas@suse.de>
JS> >   SuSE Linux AG,Deutschherrnstr. 15-19,90429 Nuernberg
JS> >   Function: Security Support & Auditing
JS> >   "lynx -source http://www.suse.de/~thomas/contact/thomas.asc | pgp -fka"
JS> >   Key fingerprint = 51 AD B9 C7 34 FC F2 54  01 4A 1C D4 66 64 09 83
JS> > --
JS> > 	Enter through the form, and step out of the form.
JS>
JS> ----- End forwarded message -----
JS>

later -           | _BonaFide[] = { coder, author, | /~\ The ASCII Ribbon
Brian A. Seklecki | problem solver, scholar, BOFH, | \ / Campaign Against
                  | vegetarian, runner, NetBSD     |  X  Exchange, Outlook
                  | advocate, spiritual machine }; | / \ & HTML Email

"GNU/Linux: About as stable as the elements at the bottom of the periodic table"
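
The commit messages above describe a bounds fix in the client's handling of the PASV reply. As an added illustration (not the code from ftp.c revision 1.118 and not part of the original message), here is a 227 reply parser written so that a hostile server cannot overrun anything. The names struct pasv_addr and parse_pasv_reply are hypothetical, and the parenthesized reply form "(h1,h2,h3,h4,p1,p2)" is assumed:

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

struct pasv_addr {          /* hypothetical result type */
    uint8_t  host[4];
    uint16_t port;
};

/*
 * Parse "227 <text> (h1,h2,h3,h4,p1,p2)" from an untrusted server reply.
 * Returns 0 on success, -1 on malformed input. The six fields are decoded
 * in place (no scratch buffer to overrun), each limited to 3 digits and
 * 0..255, and the scan never reads past reply + len.
 */
int parse_pasv_reply(const char *reply, size_t len, struct pasv_addr *out)
{
    const char *p = reply, *end = reply + len;
    unsigned field[6];

    if (len < 4 || memcmp(p, "227 ", 4) != 0)
        return -1;
    while (p < end && *p != '(')            /* skip the free-form text */
        p++;
    if (p == end)
        return -1;
    p++;                                    /* consume '(' */

    for (int i = 0; i < 6; i++) {
        unsigned v = 0;
        int digits = 0;
        while (p < end && isdigit((unsigned char)*p)) {
            if (++digits > 3)               /* cap field length */
                return -1;
            v = v * 10 + (unsigned)(*p++ - '0');
        }
        /* each field must be present, in range, and properly delimited */
        if (digits == 0 || v > 255 || p == end || *p != (i < 5 ? ',' : ')'))
            return -1;
        p++;                                /* consume ',' or ')' */
        field[i] = v;
    }
    for (int i = 0; i < 4; i++)
        out->host[i] = (uint8_t)field[i];
    out->port = (uint16_t)((field[4] << 8) | field[5]);
    return 0;
}
```
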