New vulnerability in wu-ftp
Results 1 to 3 of 3

Thread: New vulnerability in wu-ftp

  1. #1
    Senior Member
    Join Date
    Sep 2001
    Posts
    831

    New vulnerability in wu-ftp

    Recieved in a TechRepublic email.

    -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
    A recently found vulnerability has been confirmed in the wu-ftpd FTP daemon. This vulnerability is remotely exploitable and can be used to execute arbitrary code on the vulnerable FTP server.

    Because wu-ftpd is such a popular and widely used FTP server, not only for Linux but for other UNIX-derivatives like BSD systems, the security impact is quite high. The fact that most FTP servers in use these days provide anonymous FTP access compounds the problem. This means that a user doesn't even have to authenticate himself or herself on the server as a real user in order to exploit this vulnerability.

    The problem is due to the "file globbing" support in wu-ftpd. This globbing allows clients to organize files for FTP actions, such as list and download, based on patterns. A heap corruption problem in the wu-ftpd, in its most innocent form, will simply cause the FTP server to die with a segfault. Unfortunately, this same corruption problem can be exploited to run programs on the server that the user should not be permitted to execute.

    Most vendors have released updates to fix this problem quickly. Therefore, if you are running a version of wu-ftpd installed prior to Nov. 27, 2001, you are vulnerable and need to obtain an update from your vendor.
    -Matty_Cross
    \"Isn\'t sanity just a one trick pony anyway? I mean, all you get is one trick. Rational Thinking.
    But when you\'re good and crazy, hehe, the skies the limit!!\"
    Share on Google+

  2. #2
    Hey Matty that's how I get free software from Microsoft. I use the WU ftp at school. I've known that for a long time. It's weird how it's just now getting around. Anyway I'm 2 up from you. lol. Good thread
    Share on Google+

  3. #3
    Senior Member
    Join Date
    Sep 2001
    Posts
    831
    Well, I received it in my email today, so I thought it might actually be a new one..

    I'd heard about a wu-ftp vulnerability previously, but thought this was new... oh well, time to go smack TechRepublic upside the head...

    I'll get you freeOn, don't you worry...
    -Matty_Cross
    \"Isn\'t sanity just a one trick pony anyway? I mean, all you get is one trick. Rational Thinking.
    But when you\'re good and crazy, hehe, the skies the limit!!\"
    Share on Google+

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •