This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.
The remote FTP server is affected by a buffer overflow vulnerability.
Th remote Wu-FTPD server fails to properly check bounds on a pathname
when Wu-Ftpd is compiled with MAIL_ADMIN enabled resulting in a buffer
overflow. With a specially crafted request, an attacker can possibly
execute arbitrary code as the user Wu-Ftpd runs as (usually root)
resulting in a loss of integrity, and/or availability.
It should be noted that this vulnerability is not present within the
default installation of Wu-Ftpd.
The server must be configured using the 'MAIL_ADMIN' option to notify
an administrator when a file has been uploaded.
*** Nessus solely relied on the banner of the remote server
*** to issue this warning, so it may be a false positive.
See also :
Upgrade to Wu-FTPd 2.6.3 or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 6.9
Public Exploit Available : false
Nessus Plugin ID: 14371 ()
Bugtraq ID: 8668
CVE ID: CVE-2003-1327
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.