WU-FTPD site_exec() Function Remote Format String

This script is Copyright (C) 2000-2014 A. de Bernis


Synopsis :

The remote host is running an FTP server with a remote root
vulnerability.

Description :

The version of WU-FTPD hosted on the remote server does not properly
sanitize the argument of the SITE EXEC command. It may be possible for
a remote attacker to gain root access.

See also :

http://marc.info/?l=bugtraq&m=96171893218000&w=2

Solution :

Upgrade to WU-FTPD version 2.6.1 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.3
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: FTP

Nessus Plugin ID: 10452 ()

Bugtraq ID: 726
1387
2240

CVE ID: CVE-2000-0573