This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.
The remote FTP server seems to be vulnerable to a remote buffer overflow.
This version of WU-FTPD contains a remote overflow if s/key support is enabled.
The skey_challenge function fails to perform bounds checking on the
name variable resulting in a buffer overflow.
With a specially crafted request, an attacker can execute arbitrary
code resulting in a loss of integrity and/or availability.
It appears that this vulnerability may be exploited prior to authentication.
It is reported that S/Key support is not enabled by default,
though some operating system distributions which ship WU-FTPD may have it
*** Nessus solely relied on the banner of the remote server
*** to issue this warning, so it may be a false positive.
See also :
Upgrade to WU-FTPD 2.6.3 when available or disable SKEY or apply the
patches available at http://www.wu-ftpd.org
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 7.4
Public Exploit Available : false
Nessus Plugin ID: 14372 ()
Bugtraq ID: 8893
CVE ID: CVE-2004-0185
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.