             __________________________________________________________

                       The U.S. Department of Energy
                   Computer Incident Advisory Capability
                           ___  __ __    _     ___
                          /       |     /_\   /
                          \___  __|__  /   \  \___
             __________________________________________________________

                             INFORMATION BULLETIN

                     Wu-ftpd Buffer Overflow Vulnerability
                  [Red Hat Security Advisory RHSA-2003:245-15]

July 31, 2003 18:00 GMT                                           Number N-132
______________________________________________________________________________
PROBLEM:       A buffer overflow vulnerability exists in wu-ftpd versions
               2.6.2 and earlier. WU-FTPD is a popular ftp daemon used on the
               Internet, and on many anonymous ftp sites all around the world.
PLATFORM:      Red Hat: Linux 7.1, Linux 7.1 for iSeries, Linux 7.1 for
               pSeries, Linux 7.2, Linux 7.3, Linux 8.0

               OTHER PLATFORMS WILL BE ADDED WHEN VENDOR BULLETINS ARE
               RELEASED.
DAMAGE:        Successful exploitation could cause a buffer overflow and
               allow for an increase in privileges.
SOLUTION:      Install updated wu-ftpd packages from Red Hat.
______________________________________________________________________________
VULNERABILITY  The risk is HIGH. A remote attacker could gain root privileges.
ASSESSMENT:
______________________________________________________________________________
LINKS:
 CIAC BULLETIN:      http://www.ciac.org/ciac/bulletins/n-132.shtml
 ORIGINAL BULLETIN:  https://rhn.redhat.com/errata/RHSA-2003-245.html
 ADDITIONAL LINKS:   http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt

                     ADDITIONAL VENDOR INFORMATION WILL BE ADDED WHEN IT
                     BECOMES AVAILABLE.
______________________________________________________________________________