Slackware 9.0 / current : WU-FTPD Security Advisory (SSA:2003-259-03)

high Nessus Plugin ID 18726

Synopsis

The remote Slackware host is missing a security update.

Description

Upgraded WU-FTPD packages are available for Slackware 9.0 and -current. These fix a problem where an attacker could use a specially crafted filename in conjunction with WU-FTPD's conversion feature (mostly used to compress files, or produce tar archives) to execute arbitrary commands on the server. In addition, the MAIL_ADMIN option, which has been found to be insecure, has been disabled. We do not recommend deploying WU-FTPD in situations where security is required.

Solution

Update the affected wu-ftpd package.

See Also

http://www.nessus.org/u?ea5b1806

Plugin Details

Severity: High

ID: 18726

File Name: Slackware_SSA_2003-259-03.nasl

Version: 1.16

Type: local

Published: 7/13/2005

Updated: 1/14/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:slackware:slackware_linux:wu-ftpd, cpe:/o:slackware:slackware_linux, cpe:/o:slackware:slackware_linux:9.0

Required KB Items: Host/local_checks_enabled, Host/Slackware/release, Host/Slackware/packages

Patch Publication Date: 9/24/2003

Vulnerability Publication Date: 9/22/2003

Reference Information

CVE: CVE-2003-1327

SSA: 2003-259-03