WU-FTPD fb_realpath() Function Off-by-one Overflow

critical Nessus Plugin ID 11811

Synopsis

The remote FTP server is affected by a buffer overflow vulnerability.

Description

The remote WU-FTPD server seems to be vulnerable to an off-by-one overflow when dealing with huge directory structures.

An attacker may exploit this flaw to obtain a shell on this host.

Note that Nessus has solely relied on the banner of the remote server to issue this warning so it may be a false-positive, especially if the patch has already been applied.

Solution

Apply the realpath.patch patch.

See Also

http://www.securiteam.com/unixfocus/5ZP010AAUI.html

https://seclists.org/bugtraq/2003/Aug/43

http://www.nessus.org/u?9eabbd45

Plugin Details

Severity: Critical

ID: 11811

File Name: wu_ftpd_fb_realpath_offby1.nasl

Version: 1.28

Type: remote

Family: FTP

Published: 7/31/2003

Updated: 11/15/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.2

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: ftp/wuftpd, Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 7/31/2003

Reference Information

CVE: CVE-2003-0466

BID: 8315

RHSA: 2003:245-01

SuSE: SUSE-SA:2003:032