icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

WU-FTPD < 2.6.2 PASV Command Format String Arbitrary Code Execution

High

Synopsis

The remote host is running a vulnerable version of WU-FTPD server.

Description

The remote WU-FTPD server is vulnerable to a format string flaw when it is run in debug mode. An attacker may use this flaw to execute arbitrary code on this host by sending a PASV command with a specially crafted argument.

Solution

Upgrade to WU-FTPD 2.6.2 or higher.