Slackware 9.0 / current : WU-FTPD Security Advisory (SSA:2003-259-03)

High Nessus Plugin ID 18726


The remote Slackware host is missing a security update.


Upgraded WU-FTPD packages are available for Slackware 9.0 and -current. These fix a problem where an attacker could use a specially crafted filename in conjunction with WU-FTPD's conversion feature (mostly used to compress files or produce tar archives) to execute arbitrary commands on the server. In addition, the MAIL_ADMIN feature, which has been found to be insecure, has been disabled. We do not recommend deploying WU-FTPD in situations where security is required.


Update the affected wu-ftpd package.

Plugin Details

Severity: High

ID: 18726

File Name: Slackware_SSA_2003-259-03.nasl

Version: $Revision: 1.11 $

Type: local

Published: 2005/07/13

Modified: 2013/06/01

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:slackware:slackware_linux:wu-ftpd, cpe:/o:slackware:slackware_linux, cpe:/o:slackware:slackware_linux:9.0

Required KB Items: Host/local_checks_enabled, Host/Slackware/release, Host/Slackware/packages

Patch Publication Date: 2003/09/24

Vulnerability Publication Date: 2003/09/22

Reference Information

CVE: CVE-2003-1327

OSVDB: 2594

SSA: 2003-259-03