TITLE:SSRT0622-OSIS Potential Security problem when using 'wu-ftpd' Shipped
with OSIS and IASS
* No Restrictions For Distribution *
______________________________________________________________
UPDATE: NOV 20, 1999
TITLE: Potential Security Problem when using wu-ftpd as a part
of Open Source Internet Solutions (OSIS).
SOURCE: Compaq Computer Corporation
Software Security Response Team
x-ref: SSRT0622
"Compaq is broadly distributing this Security Advisory in order
to bring to the attention of users of Compaq products the
important security information contained in this Advisory.
Compaq recommends that all users determine the applicability of
this information to their individual situations and take
appropriate action.
Compaq does not warrant that this information is necessarily
accurate or complete for all user situations and, consequently,
Compaq will not be responsible for any damages resulting from
user's use or disregard of the information provided in this
Advisory."
------------------------------------------------------
IMPACT:
The wu-ftpd version 2.5.0 is the subject of recent CERT and CIAC
security advisories and the solution is to upgrade to wu-ftpd 2.6.0.
Also, the wu-ftpd as included in IASS V4.2, OSIS V5.0, and OSIS
V5.1 was modified to work both with and without Enhanced (C2)
Security enabled but in doing so, some of the advanced access
and logging features of wu-ftpd (such as guestgroup) were broken.
In this patch kit, that problem has been fixed, and it will
still work either with or without Enhanced (C2) Security enabled
(although accounts with secondary passwords are not supported).
----------------------------------------------------------------------
RESOLUTION:
A patch has been provided by the OSIS development engineering group
please follow the attached installation instructions.
Installation Instructions
-------------------------
This patch may be obtained from the World Wide Web at the
following FTP address:
http://www.support.compaq.com/patches
Patch name: SSRT0622-OSIS
Unpack the copied tar file and use setld to install it:
# tar xf ssrt0622-osis.tar
# setld -l ssrt0622-osis.tar
Additional Considerations:
If you need further information, please contact your normal
Compaq Services support channel.
Compaq appreciates your cooperation and patience. We regret any
inconvenience applying this information may cause.
As always, Compaq urges you to periodically review your system
management and security procedures.
Compaq will continue to review and enhance the security
features of its products and work with customers to maintain and
improve the security and integrity of their systems.
______________________________________________________________
Copyright (c) Compaq Computer Corporation, 1999 All
Rights Reserved.
Unpublished Rights Reserved Under The Copyright Laws Of
The United States.
This patch can be found at any of these sites:
Colorado Site
Georgia Site
Files on this server are as follows:
ssrt0622-osis.README
ssrt0622-osis.CHKSUM
ssrt0622-osis.tar
|