Two vulnerabilities were discovered in wu-ftpd: CAN-2004-0148 Glenn Stewart discovered that users could bypass the directory access restrictions imposed by the restricted-gid option by changing the permissions on their home directory. On a subsequent login, when access to the user's home directory was denied, wu-ftpd would fall back to the root directory. CAN-2004-0185 A buffer overflow existed in wu-ftpd's code which deals with S/key authentication. For the stable distribution (woody) these problems have been fixed in version 2.6.2-3woody4. For the unstable distribution (sid) these problems have been fixed in version 2.6.2-17.1. We recommend that you update your wu-ftpd package.
Two vulnerabilities were discovered in wu-ftpd:
Glenn Stewart discovered that users could bypass the directory access restrictions imposed by the restricted-gid option by changing the permissions on their home directory. On a subsequent login, when access to the user's home directory was denied, wu-ftpd would fall back to the root directory.
A buffer overflow existed in wu-ftpd's code which deals with S/key authentication.
For the stable distribution (woody) these problems have been fixed in version 2.6.2-3woody4.
For the unstable distribution (sid) these problems have been fixed in version 2.6.2-17.1.
We recommend that you update your wu-ftpd package.
MD5 checksums of the listed files are available in the original advisory.