Note: This is an archival copy of Security Sun Alert 200538 as previously published on http://sunsolve.sun.com. Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000410.1. |
Category Security Release Phase Resolved Solaris 9 Operating System Bug Id 4706072, 4705192 Date of Workaround Release 04-AUG-2003 Date of Resolved Release 08-SEP-2003 Impact The Solaris 9 FTP Server, in.ftpd(1M), is based on WU-ftpd (Washington University ftpd) and is affected by a security vulnerability which may allow a local or remote unprivileged user to gain unauthorized root access. This issue is described in iSEC Advisory isec-0011-wu-ftpd (please see http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt). Contributing Factors This issue can occur in the following releases: SPARC Platform
x86 Platform
Note: Solaris 2.6, 7, and 8 are not affected by this issue. Symptoms There are no predictable symptoms that would show the described issue has been exploited to gain root privileges. Workaround There are three workarounds that are advised until patches are available: 1. Disable the in.ftpd(1M) daemon on all Solaris 9 systems with the following steps:
#ftp stream tcp6 nowait root /usr/sbin/in.ftpd in.ftpd
# pkill -HUP inetd This will disable in.ftpd(1M). or, 2. Use TCP wrappers to restrict access to in.ftpd(1M) from trusted hosts if you can't disable it. Solaris 9 ships with TCP wrappers, see the inetd(1M), hosts_access(4), and hosts_options(4) man pages for further information. or, 3. Block access to the control channel (by default, port 21/tcp) used by the in.ftpd(1M) daemon at all appropriate network perimeters. This document refers to one or more preliminary temporary patches (T-Patches) which are designed to address the concerns identified herein. Sun has limited experience with these patches due to their preliminary nature. As such, you should only install the patches on systems meeting the configurations described above. Sun may release full patches at a later date, however, Sun is under no obligation whatsoever to create, release, or distribute any such patch. Resolution This issue is addressed in the following releases: SPARC
x86
Modification History Date: 15-AUG-2003
Date: 08-SEP-2003
References114564-02114565-02 Attachments This solution has no attachment |
|