COMMAND

    gssftpd

SYSTEMS AFFECTED

    Kerberos (see below)

PROBLEM

    Tom Yu  found following.   A remote  user may  execute certain FTP
    commands without authorization.  A remote user may perform  denial
    of service attacks.   An attacker with  access to a  local account
    may gain unauthorized root access.  Source distributions which may
    contain vulnerable code include:

        - MIT Kerberos 5 releases krb5-1.1 and krb5-1.1.1
        - The  beta releases  krb5-1.1.2-beta1 and  krb5-1.2-beta2 are
          also vulnerable.

SOLUTION

    Non-vulnerable distributions:

        MIT Kerberos 5 releases krb5-1.0.x

    If  you  are   running  a  vulnerable   FTP  daemon,  disable   it
    immediately, usually by commenting  it out of your  inetd.conf and
    sending a SIGHUP to the inetd process.  To correct the bug,  apply
    the following patch, rebuild,  and reinstall ftpd on  the affected
    machines.   The  upcoming  krb5-1.2  release  will  correct   this
    problem.  There will be  a krb5-1.2-beta3 release later this  week
    that will correct this problem.

    These patches will apply against krb5-1.1.1, krb5-1.1.2-beta1, and
    krb5-1.2-beta2.  They will be made available on the web site at:

        http://web.mit.edu/kerberos/www/advisories/ftpd_111_patch.txt

    Patch:

    Index: ftpcmd.y
    ===================================================================
    RCS file: /cvs/krbdev/krb5/src/appl/gssftp/ftpd/ftpcmd.y,v
    retrieving revision 1.14
    diff -c -r1.14 ftpcmd.y
    *** ftpcmd.y	1999/03/24 22:14:02	1.14
    --- ftpcmd.y	2000/06/14 17:35:19
    ***************
    *** 865,871 ****
  			    $$ = 0;
  		    }
  		    else
    ! 			$$ = 1;
  	    }
  	    ;
      %%
    --- 865,871 ----
  			    $$ = 0;
  		    }
  		    else
    ! 			$$ = $1;
  	    }
  	    ;
      %%