WU-FTPD < 2.4.3 Directory Structure Processing Overflow

Critical Nessus Network Monitor Plugin ID 1810

Synopsis

The remote host is vulnerable to a buffer overflow.

Description

The remote WU-FTPD server is vulnerable to a buffer overflow when it processes directory structure names. An attacker may exploit this flaw by creating a huge directory structure with specially malformed names, and may be able to execute arbitrary commands on this host with the privileges of the FTP daemon (typically root).

Solution

Upgrade to WU-FTPD 2.4.3 or higher.

Plugin Details

Severity: Critical

ID: 1810

File Name: 1810.prm

Family: FTP Servers

Published: 2004/08/20

Modified: 2016/01/19

Dependencies: 1850

Nessus ID: 10318

Risk Information

Risk Factor: Critical

CVSSv2

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Reference Information

CVE: CVE-1999-0368, CVE-1999-0878, CVE-1999-0879, CVE-1999-0950

BID: 113, 599, 747, 2242

OSVDB: 1055, 1130, 14790, 248, 9163