WU-FTPD restricted-gid Directory Access Restriction Bypass

Copyright (C) 2004-2014 Tenable Network Security, Inc.


Synopsis :

The remote FTP server has an access restriction bypass vulnerability.

Description :

The remote host is running wu-ftpd 2.6.2 or older.

There is a bug in these versions that may allow an attacker to bypass the
'restricted-gid' feature and gain unauthorized access to otherwise restricted
directories.

*** Nessus solely relied on the banner of the remote FTP server, so this might
*** be a false positive.

See also :

http://archives.neohapsis.com/archives/vendor/2004-q1/0073.html

Solution :

Upgrade to the latest version of the software.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.3
(CVSS2#E:H/RL:OF/RC:C)
Public Exploit Available : true

Family: FTP

Nessus Plugin ID: 12098

Bugtraq ID: 9832

CVE ID: CVE-2004-0148