Detections
Analytics

RHEL 2.1 : wu-ftpd (RHSA-2003:246)

critical Nessus Plugin ID 12413

Synopsis

The remote Red Hat host is missing a security update.

Description

Updated wu-ftpd packages are available that fix an off-by-one buffer overflow.

The wu-ftpd package contains the Washington University FTP (File Transfer Protocol) server daemon. FTP is a method of transferring files between machines.

An off-by-one bug has been discovered in versions of wu-ftpd up to and including 2.6.2. On a vulnerable system, a remote attacker would be able to exploit this bug to gain root privileges.

Red Hat Enterprise Linux contains a version of wu-ftpd that is affected by this bug, although it is believed that this issue will not be remotely exploitable due to compiler padding of the buffer that is the target of the overflow. However, Red Hat still advises that all users of wu-ftpd upgrade to these erratum packages, which contain a security patch.

Red Hat would like to thank Wojciech Purczynski and Janusz Niewiadomski of ISEC Security Research for their responsible disclosure of this issue.

Solution

Update the affected wu-ftpd package.

See Also

https://access.redhat.com/security/cve/cve-2003-0466

https://isec.pl/en/vulnerabilities/isec-0011-wu-ftpd.txt

https://access.redhat.com/errata/RHSA-2003:246

Plugin Details

Severity: Critical

ID: 12413

File Name: redhat-RHSA-2003-246.nasl

Version: 1.28

Type: local

Agent: unix

Published: 7/6/2004

Updated: 1/14/2021

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.2

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:wu-ftpd, cpe:/o:redhat:enterprise_linux:2.1

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/31/2003

Vulnerability Publication Date: 8/27/2003

Reference Information

CVE: CVE-2003-0466

RHSA: 2003:246