SUSE-SA:2003:032: wuftpd

critical Nessus Plugin ID 13801

Synopsis

The remote host is missing a vendor-supplied security patch

Description

The remote host is missing the patch for the advisory SUSE-SA:2003:032 (wuftpd).


Janusz Niewiadomski and Wojciech Purczynski of iSEC Security Research have found a single byte buffer overflow in the Washington University ftp daemon (wuftpd), a widely used ftp server for Linux-like systems.
It is yet unclear if this bug is (remotely) exploitable. Positive exploitability may result in a remote root compromise of a system running the wuftpd ftp daemon.

Notes:
* SUSE LINUX products do not contain wuftpd any more starting with SUSE Linux 8.0 and SUSE LINUX Enterprise Server 8. The wuftpd package has been substituted by a different server implementation of the file transfer protocol server.
* The affected wuftpd packages in products as stated in the header of this announcement actually ship two different wuftpd ftp daemon versions: The older version 2.4.x that is installed as /usr/sbin/wu.ftpd, the newer version 2.6 is installed as /usr/sbin/wu.ftpd-2.6 . The 2.4.x version does not contain the defective parts of the code and is therefore not vulnerable to the weakness found.
* If you are using the wuftpd ftp daemon in version 2.4.x, you might want to update the package anyway in order not to risk an insecure configuration once you switch to the newer version.

There exists no workaround that can fix this vulnerability on a temporary basis other than just using the 2.4.x version as mentioned above.
The proper fix for the weakness is to update the package using the provided update packages.

Please download the update package for your distribution and verify its integrity by the methods listed in section 3) of this announcement.
Then, install the package using the command 'rpm -Fhv file.rpm' to apply the update.

Solution

http://www.suse.de/security/2003_032_wuftpd.html

Plugin Details

Severity: Critical

ID: 13801

File Name: suse_SA_2003_032.nasl

Version: 1.17

Agent: unix

Published: 7/25/2004

Updated: 1/14/2021

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.2

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Reference Information

CVE: CVE-2003-0466

BID: 8315