WU-FTPD site_exec() Function Remote Format String

This script is Copyright (C) 2000-2014 A. de Bernis

Synopsis :

The remote host is running an FTP server with a remote root

Description :

The version of WU-FTPD hosted on the remote server does not properly
sanitize the argument of the SITE EXEC command. It may be possible for
a remote attacker to gain root access.

See also :


Solution :

Upgrade to WU-FTPD version 2.6.1 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.3
Public Exploit Available : true

Family: FTP

Nessus Plugin ID: 10452 ()

Bugtraq ID: 726

CVE ID: CVE-2000-0573