WU-FTPD fb_realpath() Function Off-by-one Overflow

Critical Nessus Plugin ID 11811


The remote FTP server is affected by a buffer overflow vulnerability.


The remote WU-FTPD server seems to be vulnerable to an off-by-one overflow when dealing with huge directory structures.

An attacker may exploit this flaw to obtain a shell on this host.

Note that Nessus relied solely on the banner of the remote server to issue this warning, so it may be a false positive, especially if the patch has already been applied.


Apply the realpath.patch patch.

Plugin Details

Severity: Critical

ID: 11811

File Name: wu_ftpd_fb_realpath_offby1.nasl

Version: $Revision: 1.26 $

Type: remote

Family: FTP

Published: 2003/07/31

Modified: 2016/11/01

Dependencies: 10092, 10079

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

Required KB Items: ftp/wuftpd, Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2003/07/31

Reference Information

CVE: CVE-2003-0466

BID: 8315

OSVDB: 2133

RHSA: 2003:245-01

SuSE: SUSE-SA:2003:032