https://community.hpe.com/t5/operating-system-hp-ux/wu-ftpd-fb-realpath-off-by-one-buffer-overflow/m-p/3981011#M294367 I know nothing, but it appears that if I<BR />wanted to learn anything about "the<BR />vulnerability", I'd need to do all my own<BR />research, because you've provided no<BR />references where I might discover about what<BR />you're talking. "[T]he CERT" is a long way<BR />from a link to a description of "the<BR />vulnerability".<BR /><BR />And while _I_ may know nothing, I may not be<BR />the only one who's too lazy to go through all<BR />that duplicative effort. Mon, 16 Apr 2007 16:08:58 GMT Steven Schweda 2007-04-16T16:08:58Z https://community.hpe.com/t5/operating-system-hp-ux/wu-ftpd-fb-realpath-off-by-one-buffer-overflow/m-p/3981009#M294365 HP-UX 11iv2 PARISC<BR /><BR />Hi all. I am running wu-ftpd 2.6.1. I have 2 questions on security of this program.<BR /><BR />1. My security-patch check tool doesn't alert me to the vulnerability. I download a new catalog every nite, so I am wondering why.<BR /><BR />2. If I am understanding the CERT correctly, it seems that I have to install 2.6.2 from HP, then run the wu realpath patch from wu. Has anyone done this, if so, how did it work out?<BR /><BR />TIA! Fri, 13 Apr 2007 11:26:13 GMT https://community.hpe.com/t5/operating-system-hp-ux/wu-ftpd-fb-realpath-off-by-one-buffer-overflow/m-p/3981009#M294365 Chrisl_2 2007-04-13T11:26:13Z https://community.hpe.com/t5/operating-system-hp-ux/wu-ftpd-fb-realpath-off-by-one-buffer-overflow/m-p/3981010#M294366 Anybody? If not, I'll close the thread.<BR /><BR />TIA Mon, 16 Apr 2007 13:01:44 GMT https://community.hpe.com/t5/operating-system-hp-ux/wu-ftpd-fb-realpath-off-by-one-buffer-overflow/m-p/3981010#M294366 Chrisl_2 2007-04-16T13:01:44Z https://community.hpe.com/t5/operating-system-hp-ux/wu-ftpd-fb-realpath-off-by-one-buffer-overflow/m-p/3981011#M294367 I know nothing, but it appears that if I<BR />wanted to learn anything about "the<BR />vulnerability", I'd need to do all my own<BR />research, because you've provided no<BR />references where I might discover about what<BR />you're talking. "[T]he CERT" is a long way<BR />from a link to a description of "the<BR />vulnerability".<BR /><BR />And while _I_ may know nothing, I may not be<BR />the only one who's too lazy to go through all<BR />that duplicative effort. Mon, 16 Apr 2007 16:08:58 GMT https://community.hpe.com/t5/operating-system-hp-ux/wu-ftpd-fb-realpath-off-by-one-buffer-overflow/m-p/3981011#M294367 Steven Schweda 2007-04-16T16:08:58Z https://community.hpe.com/t5/operating-system-hp-ux/wu-ftpd-fb-realpath-off-by-one-buffer-overflow/m-p/3981012#M294368 Hi,<BR /><BR />I am also inquiring about this, I use a tool called found stone and it sees this WU-FTPD Off-by-one Buffer overflow vulnerability.<BR /><BR />It looks like version 11.0 and 11.1 of HU-UX there is a patch for WU-FTP.<BR /><BR />I am running 11.23 on Sparc, any body know where I can get a depot for the latest patch for this? Tue, 15 May 2007 12:37:34 GMT https://community.hpe.com/t5/operating-system-hp-ux/wu-ftpd-fb-realpath-off-by-one-buffer-overflow/m-p/3981012#M294368 Jason Haase 2007-05-15T12:37:34Z