patch details: T64V51AB-IX622-WUFTPD262-SSRT4704-SSRT4705

The most recent patch is :  T64V51AB-IX622-WUFTPD262-SSRT4704-SSRT4705

useful links » Patch Family Tree

You may provide feedback on this document.

» title » product » source » eco information » eco kit summary » installation prerequisites » known problems with the patch kit

<TITLE> 

TITLE:  SSRT4704, SSRT4705 - HP Tru64 UNIX - Potential WU-FTPD Security 
                             Vulnerabilities

Copyright (c) Hewlett-Packard Company 2004.  All rights reserved.


PRODUCT:    WU-FTPD V2.6.2(1) for Tru64 UNIX 5.1A and 5.1B 
SOURCE:     Hewlett-Packard Company

ECO INFORMATION:

     ECO Name:  T64V51AB-IX622-WUFTPD262-SSRT4704-SSRT4705.tar
     ECO Kit Approximate Size:  3.8 MB 
     Kit Applies To:  Tru64 5.1A or 5.1B systems on 
                      latest supported base levels. 

     ECO Kit CHECKSUMS:
	/usr/bin/sum results:  
	13931   3860 

	/usr/bin/cksum results: 
	4292765317 3952640 

	
ECO KIT SUMMARY:

A setld-based, Early Release Patch kit exists for WU-FTPD that
contains solutions to the following problem(s):


Two potential security vulnerabilities have been identified in WU-FTPD 
that may be remotely exploitable resulting in unauthorized directory access, 
Denial of Service(DoS), or elevated user privileges. WU-FTPD is 
distributed via the Internet Express(IX) set of products available 
for Tru64 UNIX.

   o SSRT4704, SSRT4705 Internet Express WU-FTPD (Severity - High)

Cross References: CAN-2004-0148, 
                  CAN-2004-0185 

HP has addressed these potential vulnerabilities with this patched 
version of WU-FTPD. 

This patch kit delivers V2.6.2(1) of WU-FTPD 
with the security patches in the form of a setld patch kit.


The Patch Kit Installation Instructions and the Patch Summary and Release
Notes documents provide patch kit installation and removal instructions
and a summary of each patch. Please read these documents prior to 
installing patches on your system.

The patches in this ERP kit will are scheduled to be available in 
the next mainstream Internet Express (IX) release: V6.3.

**********************************
Special Installation Instructions:
**********************************

To install this patch kit:

# su root
# tar xvf  T64V51AB-IX622-WUFTPD262-SSRT4704-SSRT4705.tar
# setld -l . IAEFTP622

To remove this patch kit:

# su root
# setld -d IAEFTP622

To verify installation of the patch kit: 

# su root
# /usr/local/bin/ftpd -V | grep Version
Version wu-2.6.2(1) Mon Apr 5 03:14:53 EDT 2004



INSTALLATION PREREQUISITES:

You must have Tru64 UNIX 5.1B or 5.1A installed with the latest
supported base levels prior to installing this Early Release Patch Kit.

KNOWN PROBLEMS WITH THE PATCH KIT:

None.



[R] UNIX is a registered trademark in the United States and other countries 
licensed exclusively through X/Open Company Limited.

Copyright Hewlett-Packard Company 2004.  All Rights reserved.

  This software is proprietary to and embodies the confidential technology
  of Hewlett-Packard Company.  Possession, use, or copying of this
  software and media is authorized only pursuant to a valid written license
  from Hewlett-Packard or an authorized sublicensor.

       This ECO has not been through an exhaustive field test process.
       Due to the experimental stage of this ECO/workaround, Hewlett-Packard
       makes no representations regarding its use or performance. The
       customer shall have the sole responsibility for adequate protection
       and back-up data used in conjunction with this ECO/workaround.