Security Vulnerability in the WU-FTPD "wu_fnmatch" Function May Result in a Denial of Service (DoS)



Category: Security
Release Phase: Resolved
Product: Solaris 9 Operating System, Solaris 10 Operating System
Bug Id: 6239487
Date of Workaround Release: 20-MAY-2005
Date of Resolved Release: 06-JUL-2005


Impact

The Solaris 9 and Solaris 10 FTP server, in.ftpd(1M), is based on WU-FTPD (Washington University ftpd) and is affected by a security vulnerability in the "wu_fnmatch" function. The vulnerability may allow a local or remote unprivileged user to cause a Denial of Service (DoS) by consuming a large amount of CPU resources.

Additional information on this issue can be found in the following documents:


Contributing Factors

This issue can occur in the following releases:

SPARC Platform

x86 Platform

Notes:

  1. Solaris 7 and Solaris 8 are not affected by this issue.
  2. This issue only impacts the "WU-FTPD" version of in.ftpd(1M).
  3. This issue only affects systems which are enabled as in.ftpd(1M) servers.

Symptoms

If the described issue occurs, the CPU utilization will go up to 100% and the prstat(1M) command will show that the "in.ftpd" process is consuming a lot of CPU time.

Symptoms similar to the following may be seen:

  • Slow running applications
  • Delayed response from the terminals
  • Slow response over the network

Workaround

To work around the described issue, disable the ftp(1) service as follows:

On Solaris 9

1. Log in as root.

2. Edit the "/etc/inetd.conf" file and comment out the line starting with "ftp".

3. Tell the inetd(1M) process to reread the newly modified "/etc/inetd.conf" file by sending it a hangup signal, SIGHUP:

    # pkill -HUP inetd
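
The edit in step 2, as an added example that is not part of the Sun Alert: a script that comments out only active entries whose service name is exactly "ftp", leaves "tftp" and already-commented lines alone, and keeps a backup. The function names, the ".pre-ftpfix" backup suffix and the sample entries are assumptions for illustration; it assumes a POSIX shell and awk (on Solaris 9, /usr/xpg4/bin/sh rather than the legacy /bin/sh).

```shell
#!/bin/sh
# Added example: step 2 of the Solaris 9 workaround as an idempotent edit.
# Function names and the .pre-ftpfix backup suffix are illustrative.

# Write a constructed sample in inetd.conf format (not from the advisory).
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample entries
ftp     stream  tcp6    nowait  root    /usr/sbin/in.ftpd       in.ftpd -a
tftp    dgram   udp6    wait    root    /usr/sbin/in.tftpd      in.tftpd -s /tftpboot
#telnet stream  tcp6    nowait  root    /usr/sbin/in.telnetd    in.telnetd
EOF
}

# Print how many active entries have a service name of exactly "ftp".
# "#ftp", "# ftp" and "tftp" lines do not count.
active_ftp_entries() {
    awk '$1 == "ftp" { n++ } END { print n + 0 }' "$1"
}

# Comment out active ftp entries in place, keeping FILE.pre-ftpfix as backup.
# Returns 0 if the file changed (inetd then needs SIGHUP), 1 if there was
# nothing to do, 2 on error.
disable_ftp_entry() {
    conf=$1
    [ -r "$conf" ] || return 2
    [ "$(active_ftp_entries "$conf")" -gt 0 ] || return 1
    cp -p "$conf" "$conf.pre-ftpfix" || return 2
    awk '$1 == "ftp" { print "#" $0; next } { print }' \
        "$conf.pre-ftpfix" > "$conf" || return 2
    return 0
}

# Usage: sh disable_ftp.sh /etc/inetd.conf
if [ -n "${1:-}" ]; then
    rc=0
    disable_ftp_entry "$1" || rc=$?
    case $rc in
        0) echo "ftp entry commented out in $1; now run: pkill -HUP inetd" ;;
        1) echo "no active ftp entry in $1" ;;
        *) echo "could not update $1" >&2; exit 2 ;;
    esac
fi
```

Running it against a copy of the file first shows exactly which lines would change before the real "/etc/inetd.conf" is touched.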

On Solaris 10

1. Log in as root.

2. Disable the in.ftpd(1M) server using the following command:

    # svcadm disable ftp

Resolution

This issue is addressed in the following releases:

SPARC Platform

x86 Platform




Modification History


Date: 23-MAY-2005
  • Updated Relief/Workaround section

Date: 08-JUN-2005
  • Updated Contributing Factors and Relief/Workaround sections

Date: 06-JUL-2005
  • State: Resolved
  • Updated Contributing Factors and Resolution Sections



Attachments
This solution has no attachment

 
 
Article Details
Article ID : 200687
Article Type : Sun Alert
Last reviewed : 2006-12-21
Audience : PUBLIC