HPE GreenLake Administration
- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- WU-FTPD fb_realpath() Off-By-One Buffer Overflow
Operating System - HP-UX
1826073
Members
3636
Online
109690
Solutions
Forums
Categories
Company
Local Language
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-13-2007 04:26 AM
04-13-2007 04:26 AM
WU-FTPD fb_realpath() Off-By-One Buffer Overflow
HP-UX 11iv2 PARISC
Hi all. I am running wu-ftpd 2.6.1. I have 2 questions on security of this program.
1. My security-patch check tool doesn't alert me to the vulnerability. I download a new catalog every nite, so I am wondering why.
2. If I am understanding the CERT correctly, it seems that I have to install 2.6.2 from HP, then run the wu realpath patch from wu. Has anyone done this, if so, how did it work out?
TIA!
Hi all. I am running wu-ftpd 2.6.1. I have 2 questions on security of this program.
1. My security-patch check tool doesn't alert me to the vulnerability. I download a new catalog every nite, so I am wondering why.
2. If I am understanding the CERT correctly, it seems that I have to install 2.6.2 from HP, then run the wu realpath patch from wu. Has anyone done this, if so, how did it work out?
TIA!
3 REPLIES 3
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-16-2007 06:01 AM
04-16-2007 06:01 AM
Re: WU-FTPD fb_realpath() Off-By-One Buffer Overflow
Anybody? If not, I'll close the thread.
TIA
TIA
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-16-2007 09:08 AM
04-16-2007 09:08 AM
Re: WU-FTPD fb_realpath() Off-By-One Buffer Overflow
I know nothing, but it appears that if I
wanted to learn anything about "the
vulnerability", I'd need to do all my own
research, because you've provided no
references where I might discover about what
you're talking. "[T]he CERT" is a long way
from a link to a description of "the
vulnerability".
And while _I_ may know nothing, I may not be
the only one who's too lazy to go through all
that duplicative effort.
wanted to learn anything about "the
vulnerability", I'd need to do all my own
research, because you've provided no
references where I might discover about what
you're talking. "[T]he CERT" is a long way
from a link to a description of "the
vulnerability".
And while _I_ may know nothing, I may not be
the only one who's too lazy to go through all
that duplicative effort.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-15-2007 05:37 AM
05-15-2007 05:37 AM
Re: WU-FTPD fb_realpath() Off-By-One Buffer Overflow
Hi,
I am also inquiring about this, I use a tool called found stone and it sees this WU-FTPD Off-by-one Buffer overflow vulnerability.
It looks like version 11.0 and 11.1 of HU-UX there is a patch for WU-FTP.
I am running 11.23 on Sparc, any body know where I can get a depot for the latest patch for this?
I am also inquiring about this, I use a tool called found stone and it sees this WU-FTPD Off-by-one Buffer overflow vulnerability.
It looks like version 11.0 and 11.1 of HU-UX there is a patch for WU-FTP.
I am running 11.23 on Sparc, any body know where I can get a depot for the latest patch for this?
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
Company
Support
Events and news
Customer resources
© Copyright 2025 Hewlett Packard Enterprise Development LP