WU-FTPD Debug Mode Client Hostname Remote Format String

High Nessus Plugin ID 11331


The remote FTP server has a format string vulnerability.


The remote WU-FTPd server, according to its version number, is vulnerable to a format string attack when running in debug mode.


Upgrade to WU-FTPD version 2.6.2 or later.

See Also


Plugin Details

Severity: High

ID: 11331

File Name: wu_ftpd_pasv_format_string.nasl

Version: $Revision: 1.23 $

Type: remote

Family: FTP

Published: 2003/03/09

Modified: 2014/05/27

Dependencies: 10079, 10092

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

Required KB Items: ftp/wuftpd, Settings/ParanoidReport

Exploit Available: false

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 2001/01/23

Reference Information

CVE: CVE-2001-0187

BID: 2296

OSVDB: 1744

CERT: 639760