WarFTPd USER/PASS Command Remote Overflow

This script is Copyright (C) 2003-2011 Digital Defense, Inc.


Synopsis :

Arbitrary code can be run on the remote FTP server.

Description :

The version of War FTP Daemon running on this host contains a buffer
overflow in the code that handles the USER and PASS commands. An
attacker could exploit this vulnerability to crash the server or to
run arbitrary commands on the system.

Solution :

Upgrade to WarFTPd version 1.66x4 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.2
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: FTP

Nessus Plugin ID: 11207 (DDI_warftpd_user_overflow.nasl)

Bugtraq ID: 10078

CVE ID: CVE-1999-0256