WU-FTPD restricted-gid Directory Access Restriction Bypass

Copyright (C) 2004-2014 Tenable Network Security, Inc.

Synopsis :

The remote FTP server has an access restriction bypass vulnerability.

Description :

The remote host is running wu-ftpd 2.6.2 or older.

There is a bug in this version which may allow an attacker to bypass the
'restricted-gid' feature and gain unauthorized access to otherwise restricted

*** Nessus solely relied on the banner of the remote FTP server, so this might
*** be a false positive.

See also :


Solution :

Upgrade to the latest version of the software.

Risk factor :

High / CVSS Base Score : 7.2
CVSS Temporal Score : 6.3
Public Exploit Available : true

Family: FTP

Nessus Plugin ID: 12098 ()

Bugtraq ID: 9832

CVE ID: CVE-2004-0148